Executive Summary

Summary
Title seamonkey security update
Informations
Name RHSA-2009:1432 First vendor Publication 2009-09-09
Vendor RedHat Last vendor Modification 2009-09-09
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075)

A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077)

Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408)

Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076)

A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654)

Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) 510251 - CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly 521311 - CVE-2009-2654 firefox: URL bar spoofing vulnerability 521688 - CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes 521691 - CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes 521692 - CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal 521693 - CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1432.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-20 Improper Input Validation
25 % CWE-310 Cryptographic Issues
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10349
 
Oval ID: oval:org.mitre.oval:def:10349
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3072
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10730
 
Oval ID: oval:org.mitre.oval:def:10730
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Description: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3077
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10751
 
Oval ID: oval:org.mitre.oval:def:10751
Title: Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Description: Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2408
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10763
 
Oval ID: oval:org.mitre.oval:def:10763
Title: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11365
 
Oval ID: oval:org.mitre.oval:def:11365
Title: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3075
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13409
 
Oval ID: oval:org.mitre.oval:def:13409
Title: USN-830-1 -- openssl vulnerability
Description: Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation.
Family: unix Class: patch
Reference(s): USN-830-1
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13678
 
Oval ID: oval:org.mitre.oval:def:13678
Title: DSA-1873-1 xulrunner -- programming error
Description: Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution. For the stable distribution, this problem has been fixed in version 1.9.0.13-0lenny1. For the unstable distribution, this problem has been fixed in version 1.9.0.13-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-1873-1
CVE-2009-2654
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13717
 
Oval ID: oval:org.mitre.oval:def:13717
Title: USN-811-1 -- firefox-3.0, xulrunner-1.9 vulnerability
Description: Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
Family: unix Class: patch
Reference(s): USN-811-1
CVE-2009-2654
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13737
 
Oval ID: oval:org.mitre.oval:def:13737
Title: DSA-1874-1 nss -- several
Description: Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages.
Family: unix Class: patch
Reference(s): DSA-1874-1
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13780
 
Oval ID: oval:org.mitre.oval:def:13780
Title: USN-810-2 -- nspr update
Description: USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site
Family: unix Class: patch
Reference(s): USN-810-2
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13850
 
Oval ID: oval:org.mitre.oval:def:13850
Title: USN-810-1 -- nss vulnerabilities
Description: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site
Family: unix Class: patch
Reference(s): USN-810-1
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22412
 
Oval ID: oval:org.mitre.oval:def:22412
Title: ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: patch
Reference(s): ELSA-2009:1186-01
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 17
Platform(s): Oracle Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25180
 
Oval ID: oval:org.mitre.oval:def:25180
Title: Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2409
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28253
 
Oval ID: oval:org.mitre.oval:def:28253
Title: DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate)
Description: [0.9.8e-12.1] - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data() is called prematurely by application (#546707)
Family: unix Class: patch
Reference(s): ELSA-2010-0054
CVE-2009-4355
CVE-2009-2409
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29071
 
Oval ID: oval:org.mitre.oval:def:29071
Title: USN-810-3 -- NSS regression
Description: USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem.
Family: unix Class: patch
Reference(s): USN-810-3
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29169
 
Oval ID: oval:org.mitre.oval:def:29169
Title: RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical)
Description: Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1186
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5606
 
Oval ID: oval:org.mitre.oval:def:5606
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow dangling pointer vulnerability
Description: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3077
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5717
 
Oval ID: oval:org.mitre.oval:def:5717
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow multiple DOS Vulnerabilities
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3075
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6140
 
Oval ID: oval:org.mitre.oval:def:6140
Title: Mozilla Firefox before 3.0.14 allow remote arbitrary code execution Vulnerability
Description: Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3076
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6315
 
Oval ID: oval:org.mitre.oval:def:6315
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow denial of service Vulnerability
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3072
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6631
 
Oval ID: oval:org.mitre.oval:def:6631
Title: Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7155
 
Oval ID: oval:org.mitre.oval:def:7155
Title: VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8111
 
Oval ID: oval:org.mitre.oval:def:8111
Title: DSA-1874 nss -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss.
Family: unix Class: patch
Reference(s): DSA-1874
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8148
 
Oval ID: oval:org.mitre.oval:def:8148
Title: DSA-1873 xulrunner -- programming error
Description: Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution (etch).
Family: unix Class: patch
Reference(s): DSA-1873
CVE-2009-2654
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8458
 
Oval ID: oval:org.mitre.oval:def:8458
Title: VMware Network Security Services (NSS) does not properly handle '\0' character
Description: Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2408
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8594
 
Oval ID: oval:org.mitre.oval:def:8594
Title: VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9306
 
Oval ID: oval:org.mitre.oval:def:9306
Title: Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
Description: Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3076
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9686
 
Oval ID: oval:org.mitre.oval:def:9686
Title: Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Description: Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2654
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 201
Application 31

SAINT Exploits

Description Link
Mozilla Firefox PKCS11 Module Installation Code Execution More info here

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-11-03 Name : Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2011_162.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1430 centos4 i386
File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1430 centos5 i386
File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1431 centos4 i386
File : nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386
File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:1584 centos5 i386
File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2010:0054 centos5 i386
File : nvt/gb_CESA-2010_0054_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386
File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl
2010-10-19 Name : Mandriva Update for libesmtp MDVSA-2010:195 (libesmtp)
File : nvt/gb_mandriva_MDVSA_2010_195.nasl
2010-05-12 Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2010-04-30 Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
File : nvt/gb_mandriva_MDVSA_2010_084.nasl
2010-04-29 Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-04-06 Name : Debian Security Advisory DSA 2025-1 (icedove)
File : nvt/deb_2025_1.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos3 i386
File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos4 i386
File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0163-01
File : nvt/gb_RHSA-2010_0163-01_openssl.nasl
2010-03-31 Name : RedHat Update for gnutls RHSA-2010:0166-01
File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl
2010-03-30 Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22 Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2010-03-22 Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-03-02 Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati)
File : nvt/gb_mandriva_MDVA_2010_084.nasl
2010-01-29 Name : Mandriva Update for openldap MDVSA-2010:026 (openldap)
File : nvt/gb_mandriva_MDVSA_2010_026.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_028.nasl
2010-01-20 Name : RedHat Update for openssl RHSA-2010:0054-01
File : nvt/gb_RHSA-2010_0054-01_openssl.nasl
2010-01-19 Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail)
File : nvt/gb_mandriva_MDVSA_2010_003.nasl
2009-12-30 Name : FreeBSD Ports: postgresql-client, postgresql-server
File : nvt/freebsd_postgresql-client.nasl
2009-12-30 Name : Mandriva Security Advisory MDVSA-2009:339 (firefox)
File : nvt/mdksa_2009_339.nasl
2009-12-14 Name : Gentoo Security Advisory GLSA 200912-01 (openssl)
File : nvt/glsa_200912_01.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
File : nvt/mdksa_2009_330.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:197-3 (nss)
File : nvt/mdksa_2009_197_3.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail)
File : nvt/mdksa_2009_201_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:203-1 (curl)
File : nvt/mdksa_2009_203_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:206-1 (wget)
File : nvt/mdksa_2009_206_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_3.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:310 (openssl)
File : nvt/mdksa_2009_310.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:315 (libneon)
File : nvt/mdksa_2009_315.nasl
2009-11-23 Name : Debian Security Advisory DSA 1935-1 (gnutls13 gnutls26)
File : nvt/deb_1935_1.nasl
2009-11-23 Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1584.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1571
File : nvt/RHSA_2009_1571.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1584
File : nvt/RHSA_2009_1584.nasl
2009-11-17 Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11486.nasl
2009-11-17 Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11489.nasl
2009-11-17 Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk)
File : nvt/fcore_2009_11490.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1560
File : nvt/RHSA_2009_1560.nasl
2009-11-11 Name : SLES10: Security update for neon
File : nvt/sles10_neon.nasl
2009-11-11 Name : SLES11: Security update for libneon
File : nvt/sles11_libneon27.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-27 Name : Mandrake Security Advisory MDVSA-2009:288 (proftpd)
File : nvt/mdksa_2009_288.nasl
2009-10-27 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_firefox35upgrad.nasl
2009-10-27 Name : SLES10: Security update for Mozilla NSS
File : nvt/sles10_mozilla-nspr.nasl
2009-10-27 Name : SLES9: Security update for epiphany
File : nvt/sles9p5060741.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)
File : nvt/suse_sa_2009_048.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:217-1 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_1.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:217-2 (mozilla-thunderbird)
File : nvt/mdksa_2009_217_2.nasl
2009-10-13 Name : Mandrake Security Advisory MDVSA-2009:258 (openssl)
File : nvt/mdksa_2009_258.nasl
2009-10-13 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_MozillaFirefox2.nasl
2009-10-13 Name : SLES10: Security update for mutt
File : nvt/sles10_mutt.nasl
2009-10-13 Name : SLES10: Security update for OpenLDAP2
File : nvt/sles10_openldap2.nasl
2009-10-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox5.nasl
2009-10-11 Name : SLES11: Security update for Firefox
File : nvt/sles11_MozillaFirefox6.nasl
2009-10-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_libfreebl3.nasl
2009-10-11 Name : SLES11: Security update for OpenLDAP2
File : nvt/sles11_libldap-2_4-2.nasl
2009-10-11 Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-xulrunn0.nasl
2009-10-11 Name : SLES11: Security update for mutt
File : nvt/sles11_mutt.nasl
2009-10-10 Name : SLES9: Security update for mutt
File : nvt/sles9p5058752.nasl
2009-10-10 Name : SLES9: Security update for OpenLDAP2
File : nvt/sles9p5058840.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:237 (openssl)
File : nvt/mdksa_2009_237.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:238 (openssl)
File : nvt/mdksa_2009_238.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:239 (openssl)
File : nvt/mdksa_2009_239.nasl
2009-09-21 Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097)
File : nvt/deb_1888_1.nasl
2009-09-21 Name : Mandrake Security Advisory MDVSA-2009:236 (firefox)
File : nvt/mdksa_2009_236.nasl
2009-09-15 Name : RedHat Security Advisory RHSA-2009:1430
File : nvt/RHSA_2009_1430.nasl
2009-09-15 Name : RedHat Security Advisory RHSA-2009:1431
File : nvt/RHSA_2009_1431.nasl
2009-09-15 Name : RedHat Security Advisory RHSA-2009:1432
File : nvt/RHSA_2009_1432.nasl
2009-09-15 Name : Debian Security Advisory DSA 1885-1 (xulrunner)
File : nvt/deb_1885_1.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9494 (epiphany)
File : nvt/fcore_2009_9494.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)
File : nvt/fcore_2009_9505.nasl
2009-09-15 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox41.nasl
2009-09-15 Name : Mandrake Security Advisory MDVSA-2009:197-2 (nss)
File : nvt/mdksa_2009_197_2.nasl
2009-09-15 Name : Mandrake Security Advisory MDVSA-2009:225 (qt4)
File : nvt/mdksa_2009_225.nasl
2009-09-15 Name : Mandrake Security Advisory MDVSA-2009:228 (libneon)
File : nvt/mdksa_2009_228.nasl
2009-09-15 Name : CentOS Security Advisory CESA-2009:1430 (seamonkey)
File : nvt/ovcesa2009_1430.nasl
2009-09-15 Name : CentOS Security Advisory CESA-2009:1431 (seamonkey)
File : nvt/ovcesa2009_1431.nasl
2009-09-15 Name : CentOS Security Advisory CESA-2009:1432 (seamonkey)
File : nvt/ovcesa2009_1432.nasl
2009-09-15 Name : Ubuntu USN-821-1 (xulrunner-1.9)
File : nvt/ubuntu_821_1.nasl
2009-09-15 Name : Ubuntu USN-830-1 (openssl)
File : nvt/ubuntu_830_1.nasl
2009-09-11 Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_js_dos_vuln_sep09_lin.nasl
2009-09-11 Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_js_dos_vuln_sep09_win.nasl
2009-09-11 Name : Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_mult_dos_vuln_sep09_lin.nasl
2009-09-11 Name : Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_mult_dos_vuln_sep09_win.nasl
2009-09-11 Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_mult_vuln_sep09_lin.nasl
2009-09-11 Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_mult_vuln_sep09_win.nasl
2009-09-02 Name : Debian Security Advisory DSA 1873-1 (xulrunner)
File : nvt/deb_1873_1.nasl
2009-09-02 Name : Debian Security Advisory DSA 1874-1 (nss)
File : nvt/deb_1874_1.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:203 (curl)
File : nvt/mdksa_2009_203.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:206 (wget)
File : nvt/mdksa_2009_206.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird)
File : nvt/mdksa_2009_216.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:217 (mozilla-thunderbird)
File : nvt/mdksa_2009_217.nasl
2009-09-02 Name : Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
File : nvt/mdksa_2009_221.nasl
2009-09-02 Name : Ubuntu USN-809-1 (gnutls26)
File : nvt/ubuntu_809_1.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1184
File : nvt/RHSA_2009_1184.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1186
File : nvt/RHSA_2009_1186.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1190
File : nvt/RHSA_2009_1190.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1207
File : nvt/RHSA_2009_1207.nasl
2009-08-17 Name : Fedora Core 11 FEDORA-2009-8279 (xulrunner)
File : nvt/fcore_2009_8279.nasl
2009-08-17 Name : Fedora Core 10 FEDORA-2009-8288 (perl-Gtk2-MozEmbed)
File : nvt/fcore_2009_8288.nasl
2009-08-17 Name : FreeBSD Ports: fetchmail
File : nvt/freebsd_fetchmail12.nasl
2009-08-17 Name : FreeBSD Ports: firefox, linux-firefox-devel
File : nvt/freebsd_firefox40.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:197 (nss)
File : nvt/mdksa_2009_197.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:198 (firefox)
File : nvt/mdksa_2009_198.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:201 (fetchmail)
File : nvt/mdksa_2009_201.nasl
2009-08-17 Name : Ubuntu USN-810-1 (nss)
File : nvt/ubuntu_810_1.nasl
2009-08-17 Name : Ubuntu USN-810-2 (fixed)
File : nvt/ubuntu_810_2.nasl
2009-08-17 Name : Ubuntu USN-811-1 (xulrunner-1.9)
File : nvt/ubuntu_811_1.nasl
2009-08-07 Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Linux)
File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_lin.nasl
2009-08-07 Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Win)
File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_win.nasl
2009-08-05 Name : Firefox SSL Server Spoofing Vulnerability (Win)
File : nvt/gb_firefox_ssl_spoof_vuln_win.nasl
2009-08-05 Name : OpenSSL/GnuTLS SSL Server Spoofing Vulnerability (Win)
File : nvt/gb_openssl_n_gnutls_ssl_spoof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
57978 Mozilla Firefox XUL Document TreeColumn Rendering Arbitrary Code Execution

57977 Mozilla Firefox PKCS11 Module Installation Warning Dialogue Weakness

57976 Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption

Firefox contains a flaw related to the JavaScript engine that may allow an attacker to execute arbitrary code via memory corruption. No further details have been provided.
57972 Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3...

56752 Network Security Services (NSS) Library X.509 Certificate MD2 Hash Collision ...

56723 Mozilla Multiple Products Certificate Authority (CA) Common Name Null Byte Ha...

56717 Mozilla Firefox window.open() Invalid URL Document Content / SSL Status Spoofing

Snort® IPS/IDS

Date Description
2018-07-10 Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 46913 - Revision : 1 - Type : BROWSER-FIREFOX
2018-07-10 Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 46912 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 17166 - Revision : 10 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox PKCS11 module installation code execution attempt
RuleID : 16142 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox location spoofing attempt via invalid window.open characters
RuleID : 15873 - Revision : 12 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140401.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_php_20140522.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_ruby_20130924.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15663.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-014.nasl - Type : ACT_GATHER_INFO
2013-11-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-241.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-220.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-224.nasl - Type : ACT_GATHER_INFO
2013-08-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-221.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1184.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0054.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-810-3.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaThunderbird-090915.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ70637.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72510.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72515.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72528.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72834.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72835.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72836.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72837.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1190.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1207.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090731_nspr_and_nss_for_SL_4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090731_nspr_and_nss_for_SL_5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100119_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO
2011-11-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-162.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_neon-6549.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openldap2-6598.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-195.nasl - Type : ACT_GATHER_INFO
2010-10-04 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2010-04-29 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-04-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2025.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1873.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1874.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1885.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1935.nasl - Type : ACT_GATHER_INFO
2010-01-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-026.nasl - Type : ACT_GATHER_INFO
2010-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO
2010-01-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0054.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-003.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO
2009-12-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-315.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO
2009-11-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_libneon-devel-6550.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_neon-6548.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-288.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12521.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-20 Name : The remote SuSE system is missing the security patch firefox35upgrade-6562
File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO
2009-10-20 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6541.nasl - Type : ACT_GATHER_INFO
2009-10-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-258.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-6493.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_libfreebl3-6494.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_libldap-2_4-2-6488.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_mutt-6487.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12505.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12506.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libldap-2_4-2-090915.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_mutt-090909.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6433.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mutt-6484.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openldap2-6485.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libldap-2_4-2-090909.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mutt-090909.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libldap-2_4-2-090909.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mutt-090909.nasl - Type : ACT_GATHER_INFO
2009-09-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO
2009-09-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-090914.nasl - Type : ACT_GATHER_INFO
2009-09-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-090914.nasl - Type : ACT_GATHER_INFO
2009-09-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-830-1.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO
2009-09-14 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-225.nasl - Type : ACT_GATHER_INFO
2009-09-04 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1118.nasl - Type : ACT_GATHER_INFO
2009-08-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-221.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO
2009-08-21 Name : The remote Windows host contains a mail client that is affected by a security...
File : mozilla_thunderbird_20023.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-206.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-809-1.nasl - Type : ACT_GATHER_INFO
2009-08-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-203.nasl - Type : ACT_GATHER_INFO
2009-08-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-201.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-197.nasl - Type : ACT_GATHER_INFO
2009-08-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-198.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8279.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8288.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_49e8f2ee814711dea9940030843d3802.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-810-1.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-810-2.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-811-1.nasl - Type : ACT_GATHER_INFO
2009-08-04 Name : The remote Windows host contains a web browser that is affected by multiple f...
File : mozilla_firefox_3013.nasl - Type : ACT_GATHER_INFO
2009-08-04 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO
2009-07-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1184.nasl - Type : ACT_GATHER_INFO
2009-07-31 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1186.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:52
  • Multiple Updates