Executive Summary
Summary | |
---|---|
Title | firefox security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0885 | First vendor Publication | 2011-06-21 |
Vendor | RedHat | Last vendor Modification | 2011-06-21 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2377) Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376) An integer overflow flaw was found in the way Firefox handled JavaScript Array objects. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2371) A use-after-free flaw was found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2373) It was found that Firefox could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.18. You can find a link to the Mozilla advisories in the References section of this erratum. This update also fixes the following bug: * With previous versions of Firefox on Red Hat Enterprise Linux 5, the "background-repeat" CSS (Cascading Style Sheets) property did not work (such images were not displayed and repeated as expected). (BZ#698313) All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 698313 - "background-repeat" css property isn't rendered well in Firefox 3.6.x 714576 - CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376 Mozilla Miscellaneous memory safety hazards (MFSA 2011-19) 714577 - CVE-2011-2373 Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20) 714580 - CVE-2011-2371 Mozilla Integer overflow and arbitrary code execution (MFSA 2011-22) 714581 - CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23) 714583 - CVE-2011-2362 Mozilla Cookie isolation error (MFSA 2011-24) 714929 - CVE-2011-2377 Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0885.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12781 | |||
Oval ID: | oval:org.mitre.oval:def:12781 | ||
Title: | DSA-2269-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2269-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13034 | |||
Oval ID: | oval:org.mitre.oval:def:13034 | ||
Title: | DSA-2268-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2268-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13318 | |||
Oval ID: | oval:org.mitre.oval:def:13318 | ||
Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2364 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13543 | |||
Oval ID: | oval:org.mitre.oval:def:13543 | ||
Title: | Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
Description: | Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0083 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13635 | |||
Oval ID: | oval:org.mitre.oval:def:13635 | ||
Title: | USN-1150-1 -- thunderbird vulnerabilities | ||
Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1150-1 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13693 | |||
Oval ID: | oval:org.mitre.oval:def:13693 | ||
Title: | Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | ||
Description: | Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2362 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13872 | |||
Oval ID: | oval:org.mitre.oval:def:13872 | ||
Title: | Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | ||
Description: | Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2377 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13980 | |||
Oval ID: | oval:org.mitre.oval:def:13980 | ||
Title: | USN-1149-2 -- firefox regression | ||
Description: | firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenience. Original advisory In rare instances, Firefox could have trouble accessing some websites. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1149-2 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13987 | |||
Oval ID: | oval:org.mitre.oval:def:13987 | ||
Title: | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||
Description: | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2371 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14046 | |||
Oval ID: | oval:org.mitre.oval:def:14046 | ||
Title: | Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
Description: | Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2363 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14071 | |||
Oval ID: | oval:org.mitre.oval:def:14071 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2375 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14123 | |||
Oval ID: | oval:org.mitre.oval:def:14123 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2374 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14152 | |||
Oval ID: | oval:org.mitre.oval:def:14152 | ||
Title: | USN-1149-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
Description: | firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1149-1 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14178 | |||
Oval ID: | oval:org.mitre.oval:def:14178 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2373 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14184 | |||
Oval ID: | oval:org.mitre.oval:def:14184 | ||
Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2365 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14396 | |||
Oval ID: | oval:org.mitre.oval:def:14396 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2376 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14401 | |||
Oval ID: | oval:org.mitre.oval:def:14401 | ||
Title: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2605 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14432 | |||
Oval ID: | oval:org.mitre.oval:def:14432 | ||
Title: | Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. | ||
Description: | Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0085 | Version: | 20 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20220 | |||
Oval ID: | oval:org.mitre.oval:def:20220 | ||
Title: | DSA-2273-3 icedove - multiple issues | ||
Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2273-3 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21435 | |||
Oval ID: | oval:org.mitre.oval:def:21435 | ||
Title: | RHSA-2011:0885: firefox security and bug fix update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0885-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 CESA-2011:0885-CentOS 5 | Version: | 174 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21772 | |||
Oval ID: | oval:org.mitre.oval:def:21772 | ||
Title: | RHSA-2011:0886: thunderbird security update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0886-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 146 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22026 | |||
Oval ID: | oval:org.mitre.oval:def:22026 | ||
Title: | RHSA-2011:0887: thunderbird security update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0887-01 CESA-2011:0887 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 172 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23271 | |||
Oval ID: | oval:org.mitre.oval:def:23271 | ||
Title: | ELSA-2011:0887: thunderbird security update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0887-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 57 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23411 | |||
Oval ID: | oval:org.mitre.oval:def:23411 | ||
Title: | ELSA-2011:0885: firefox security and bug fix update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0885-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 57 |
Platform(s): | Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23741 | |||
Oval ID: | oval:org.mitre.oval:def:23741 | ||
Title: | ELSA-2011:0886: thunderbird security update (Critical) | ||
Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0886-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 49 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28020 | |||
Oval ID: | oval:org.mitre.oval:def:28020 | ||
Title: | DEPRECATED: ELSA-2011-0886 -- thunderbird security update (critical) | ||
Description: | [3.1.11-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.11-2] - Update to 3.1.11 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0886 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28788 | |||
Oval ID: | oval:org.mitre.oval:def:28788 | ||
Title: | DSA-2273-1 -- icedove -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2273-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 3 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-02-27 | Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit |
2011-10-12 | Mozilla Firefox Array.reduceRight() Integer Overflow Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64 File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64 File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64 File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64 File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64 File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl |
2012-06-06 | Name : RedHat Update for thunderbird RHSA-2011:0886-01 File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl |
2011-08-18 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028 File : nvt/gb_suse_2011_028.nasl |
2011-08-18 | Name : CentOS Update for firefox CESA-2011:0885 centos4 i386 File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl |
2011-08-18 | Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386 File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl |
2011-08-18 | Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386 File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2011:0885 centos5 i386 File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386 File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2269-1 (iceape) File : nvt/deb_2269_1.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2268-1 (iceweasel) File : nvt/deb_2268_1.nasl |
2011-08-03 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox57.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2273-1 (icedove) File : nvt/deb_2273_1.nasl |
2011-07-18 | Name : Ubuntu Update for thunderbird USN-1150-1 File : nvt/gb_ubuntu_USN_1150_1.nasl |
2011-07-08 | Name : Ubuntu Update for firefox USN-1149-2 File : nvt/gb_ubuntu_USN_1149_2.nasl |
2011-07-07 | Name : Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows) File : nvt/gb_mozilla_prdts_mult_dos_vuln_win_jul11.nasl |
2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01 File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl |
2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02 File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl |
2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03 File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl |
2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04 File : nvt/gb_mozilla_prdts_mult_vuln_win04_jul11.nasl |
2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_jul11.nasl |
2011-06-24 | Name : Ubuntu Update for mozvoikko USN-1157-2 File : nvt/gb_ubuntu_USN_1157_2.nasl |
2011-06-24 | Name : Ubuntu Update for firefox USN-1157-1 File : nvt/gb_ubuntu_USN_1157_1.nasl |
2011-06-24 | Name : Ubuntu Update for firefox USN-1157-3 File : nvt/gb_ubuntu_USN_1157_3.nasl |
2011-06-24 | Name : Ubuntu Update for firefox USN-1149-1 File : nvt/gb_ubuntu_USN_1149_1.nasl |
2011-06-24 | Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_111.nasl |
2011-06-24 | Name : RedHat Update for seamonkey RHSA-2011:0888-01 File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl |
2011-06-24 | Name : RedHat Update for thunderbird RHSA-2011:0887-01 File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl |
2011-06-24 | Name : RedHat Update for firefox RHSA-2011:0885-01 File : nvt/gb_RHSA-2011_0885-01_firefox.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74319 | Mozilla Multiple Products netwerk/cookie/nsCookieService.cpp nsCookieService:... |
73188 | Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo... |
73187 | Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co... |
73186 | Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo... |
73185 | Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo... |
73184 | Mozilla Multiple Products Array.reduceRight() Method Overflow |
73183 | Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor... |
73182 | Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code... |
73181 | Mozilla Multiple Products Unspecified DoS (2011-2365) |
73180 | Mozilla Multiple Products Unspecified DoS (2011-2364) |
73179 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2376) |
73178 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375) |
73177 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374) |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-08 | Mozilla Array.reduceRight integer overflow attempt RuleID : 29625 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-03-08 | Mozilla Array.reduceRight integer overflow attempt RuleID : 29624 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 24188 - Revision : 4 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 24187 - Revision : 4 - Type : BROWSER-FIREFOX |
2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 19714 - Revision : 5 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 19713 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a web browser that may be affected by multip... File : seamonkey_22.nasl - Type : ACT_GATHER_INFO |
2011-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
2011-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO |
2011-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO |
2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO |
2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO |
2011-07-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO |
2011-07-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO |
2011-06-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO |
2011-06-24 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO |
2011-06-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
2011-06-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO |
2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
2011-06-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO |
2011-06-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO |
2011-06-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:49 |
|