Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 256408 Multiple Security Vulnerabilities in Firefox Versions Before 2.0.0.19 May Allow Execution of Arbitrary Code or Access to Unauthorized Data
Informations
Name SUN-256408 First vendor Publication 2009-04-07
Vendor Sun Last vendor Modification 2009-04-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Firefox 2.0 Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in firefox(1) versions prior to 2.0.0.19 shipped with Solaris 10 may allow an unprivileged remote user to execute arbitrary code on the system where firefox(1) is being run, gain unauthorized access to sensitive data, perform Cross-Site Scripting (XSS) attacks to bypass access controls, read or modify data in other web sites, or inject code into web pages to obtain sensitive data from the user or information stored in cookies

Certain vulnerabilities may also allow a user to crash the firefox(1) application which is a type of Denial of Service (DoS).

The following URL provides additional details about the vulnerabilities addressed in Firefox versions prior to 2.0.0.19:

http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

The following CVEs correspond to the Mozilla Foundation Security Advisories referenced in the above URL for Firefox versions 2.0.0.15 through 2.0.0.19:

CVE-2008-2800  CVE-2008-2801  CVE-2008-2802  CVE-2008-2803  CVE-2008-2805
CVE-2008-2807  CVE-2008-2808  CVE-2008-2809  CVE-2008-2811  CVE-2008-2785 
CVE-2008-2933  CVE-2008-2934  CVE-2008-0016  CVE-2008-3835  CVE-2008-3836 
CVE-2008-3837  CVE-2008-4058  CVE-2008-4059  CVE-2008-4060  CVE-2008-4061 
CVE-2008-4062  CVE-2008-4063  CVE-2008-4064  CVE-2008-4065  CVE-2008-4066 
CVE-2008-4067  CVE-2008-4068  CVE-2008-4069  CVE-2008-4070  CVE-2008-4582 
CVE-2008-5012  CVE-2008-5013  CVE-2008-5014  CVE-2008-5015  CVE-2008-5016 
CVE-2008-5017  CVE-2008-5018  CVE-2008-5019  CVE-2008-0017  CVE-2008-5021 
CVE-2008-5022  CVE-2008-5023  CVE-2008-5024  CVE-2008-5500  CVE-2008-5501 
CVE-2008-5502  CVE-2008-5503  CVE-2008-5504  CVE-2008-5505  CVE-2008-5506 
CVE-2008-5507  CVE-2008-5508  CVE-2008-5510  CVE-2008-5511  CVE-2008-5512 
CVE-2008-5513


State: Resolved
First released: 07-Apr-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_256408_multiple_security

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-172 Time and State Attacks

CWE : Common Weakness Enumeration

% Id Name
24 % CWE-264 Permissions, Privileges, and Access Controls
18 % CWE-399 Resource Management Errors
14 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
12 % CWE-20 Improper Input Validation
8 % CWE-200 Information Exposure
6 % CWE-189 Numeric Errors (CWE/SANS Top 25)
6 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4 % CWE-287 Improper Authentication
4 % CWE-94 Failure to Control Generation of Code ('Code Injection')
4 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
2 % CWE-91 XML Injection (aka Blind XPath Injection)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10001
 
Oval ID: oval:org.mitre.oval:def:10001
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5502
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10143
 
Oval ID: oval:org.mitre.oval:def:10143
Title: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
Description: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2805
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10205
 
Oval ID: oval:org.mitre.oval:def:10205
Title: Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Description: Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2809
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10206
 
Oval ID: oval:org.mitre.oval:def:10206
Title: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4062
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10257
 
Oval ID: oval:org.mitre.oval:def:10257
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5501
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10389
 
Oval ID: oval:org.mitre.oval:def:10389
Title: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5513
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10443
 
Oval ID: oval:org.mitre.oval:def:10443
Title: Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Description: Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5505
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10512
 
Oval ID: oval:org.mitre.oval:def:10512
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5506
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10747
 
Oval ID: oval:org.mitre.oval:def:10747
Title: The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
Description: The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2803
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10750
 
Oval ID: oval:org.mitre.oval:def:10750
Title: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
Description: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5012
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10770
 
Oval ID: oval:org.mitre.oval:def:10770
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4067
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10781
 
Oval ID: oval:org.mitre.oval:def:10781
Title: Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
Description: Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5504
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10794
 
Oval ID: oval:org.mitre.oval:def:10794
Title: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Description: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4061
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10933
 
Oval ID: oval:org.mitre.oval:def:10933
Title: Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
Description: Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4070
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10943
 
Oval ID: oval:org.mitre.oval:def:10943
Title: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
Description: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5019
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11000
 
Oval ID: oval:org.mitre.oval:def:11000
Title: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Description: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4069
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11005
 
Oval ID: oval:org.mitre.oval:def:11005
Title: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Description: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0017
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11040
 
Oval ID: oval:org.mitre.oval:def:11040
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5508
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11053
 
Oval ID: oval:org.mitre.oval:def:11053
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5500
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11063
 
Oval ID: oval:org.mitre.oval:def:11063
Title: Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Description: Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5015
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11121
 
Oval ID: oval:org.mitre.oval:def:11121
Title: Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."
Description: Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."
Family: unix Class: vulnerability
Reference(s): CVE-2008-2802
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11151
 
Oval ID: oval:org.mitre.oval:def:11151
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4063
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11186
 
Oval ID: oval:org.mitre.oval:def:11186
Title: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
Description: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5022
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11356
 
Oval ID: oval:org.mitre.oval:def:11356
Title: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5016
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11383
 
Oval ID: oval:org.mitre.oval:def:11383
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4065
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11423
 
Oval ID: oval:org.mitre.oval:def:11423
Title: The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Description: The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5503
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11436
 
Oval ID: oval:org.mitre.oval:def:11436
Title: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Description: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5017
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11471
 
Oval ID: oval:org.mitre.oval:def:11471
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4068
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11579
 
Oval ID: oval:org.mitre.oval:def:11579
Title: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Description: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0016
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11607
 
Oval ID: oval:org.mitre.oval:def:11607
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4060
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11618
 
Oval ID: oval:org.mitre.oval:def:11618
Title: Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
Description: Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2933
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11743
 
Oval ID: oval:org.mitre.oval:def:11743
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4064
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11810
 
Oval ID: oval:org.mitre.oval:def:11810
Title: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Description: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2801
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11881
 
Oval ID: oval:org.mitre.oval:def:11881
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5511
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12973
 
Oval ID: oval:org.mitre.oval:def:12973
Title: DSA-1696-1 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-1380 It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain characters. CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for s390 will be provided later. For the upcoming stable distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 2.0.0.19-1. We recommend that you upgrade your icedove packages.
Family: unix Class: patch
Reference(s): DSA-1696-1
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13213
 
Oval ID: oval:org.mitre.oval:def:13213
Title: USN-701-2 -- mozilla-thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 6.06
Product(s): mozilla-thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13233
 
Oval ID: oval:org.mitre.oval:def:13233
Title: USN-701-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.10
Ubuntu 8.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13245
 
Oval ID: oval:org.mitre.oval:def:13245
Title: DSA-1697-1 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-2800 "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. CVE-2008-2801 Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. CVE-2008-2802 "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. CVE-2008-2803 "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. CVE-2008-2808 Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.0.13~pre080614i-0etch1. For the upcoming stable distribution distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 1.1.14-1. We recommend that you upgrade your iceape packages.
Family: unix Class: patch
Reference(s): DSA-1697-1
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13605
 
Oval ID: oval:org.mitre.oval:def:13605
Title: DSA-1707-1 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5513 moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. For the stable distribution these problems have been fixed in version 2.0.0.19-0etch1. For the testing distribution and the unstable distribution these problems have been fixed in version 3.0.5-1. Please note iceweasel in Lenny links dynamically against xulrunner. We recommend that you upgrade your iceweasel package.
Family: unix Class: patch
Reference(s): DSA-1707-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13754
 
Oval ID: oval:org.mitre.oval:def:13754
Title: DSA-1704-2 netatalk -- arbitrary code execution
Description: The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This is leading to arbitrary remote code execution. Note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch2. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1.1. We recommend that you upgrade your netatalk package.
Family: unix Class: patch
Reference(s): DSA-1704-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): netatalk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16973
 
Oval ID: oval:org.mitre.oval:def:16973
Title: USN-690-3 -- firefox vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-3
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17292
 
Oval ID: oval:org.mitre.oval:def:17292
Title: USN-626-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: A flaw was discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-626-1
CVE-2008-2785
CVE-2008-2933
CVE-2008-2934
Version: 7
Platform(s): Ubuntu 8.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17505
 
Oval ID: oval:org.mitre.oval:def:17505
Title: USN-619-1 -- firefox vulnerabilities
Description: Various flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-619-1
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2806
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17610
 
Oval ID: oval:org.mitre.oval:def:17610
Title: USN-647-1 -- mozilla-thunderbird, thunderbird vulnerabilities
Description: It was discovered that the same-origin check in Thunderbird could be bypassed.
Family: unix Class: patch
Reference(s): USN-647-1
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): mozilla-thunderbird
thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17616
 
Oval ID: oval:org.mitre.oval:def:17616
Title: USN-667-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files.
Family: unix Class: patch
Reference(s): USN-667-1
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-0017
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): firefox
firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17626
 
Oval ID: oval:org.mitre.oval:def:17626
Title: USN-645-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines.
Family: unix Class: patch
Reference(s): USN-645-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): firefox
firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17644
 
Oval ID: oval:org.mitre.oval:def:17644
Title: USN-626-2 -- devhelp, epiphany-browser, midbrowser, yelp update
Description: USN-626-1 fixed vulnerabilities in xulrunner-1.9.
Family: unix Class: patch
Reference(s): USN-626-2
CVE-2008-2785
CVE-2008-2933
Version: 7
Platform(s): Ubuntu 8.04
Product(s): devhelp
epiphany-browser
midbrowser
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17661
 
Oval ID: oval:org.mitre.oval:def:17661
Title: USN-645-3 -- firefox-3.0, xulrunner-1.9 regression
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner.
Family: unix Class: patch
Reference(s): USN-645-3
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 8.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17662
 
Oval ID: oval:org.mitre.oval:def:17662
Title: USN-690-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-1
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5505
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 7
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17681
 
Oval ID: oval:org.mitre.oval:def:17681
Title: USN-623-1 -- firefox vulnerabilities
Description: A flaw was discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-623-1
CVE-2008-2785
CVE-2008-2933
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17769
 
Oval ID: oval:org.mitre.oval:def:17769
Title: USN-645-2 -- firefox vulnerabilities
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS.
Family: unix Class: patch
Reference(s): USN-645-2
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17791
 
Oval ID: oval:org.mitre.oval:def:17791
Title: DSA-1704-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family: unix Class: patch
Reference(s): DSA-1704-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17848
 
Oval ID: oval:org.mitre.oval:def:17848
Title: USN-668-1 -- mozilla-thunderbird, thunderbird vulnerabilities
Description: Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed.
Family: unix Class: patch
Reference(s): USN-668-1
CVE-2008-5012
CVE-2008-5014
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
Product(s): mozilla-thunderbird
thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17937
 
Oval ID: oval:org.mitre.oval:def:17937
Title: USN-690-2 -- firefox vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 7
Platform(s): Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18500
 
Oval ID: oval:org.mitre.oval:def:18500
Title: DSA-1615-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family: unix Class: patch
Reference(s): DSA-1615-1
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2811
CVE-2008-2933
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18570
 
Oval ID: oval:org.mitre.oval:def:18570
Title: DSA-1621-1 icedove - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
Family: unix Class: patch
Reference(s): DSA-1621-1
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2802
CVE-2008-2803
CVE-2008-2807
CVE-2008-2809
CVE-2008-2811
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19874
 
Oval ID: oval:org.mitre.oval:def:19874
Title: DSA-1669-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family: unix Class: patch
Reference(s): DSA-1669-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-0017
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19875
 
Oval ID: oval:org.mitre.oval:def:19875
Title: DSA-1614-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1614-1
CVE-2008-2785
CVE-2008-2933
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19884
 
Oval ID: oval:org.mitre.oval:def:19884
Title: DSA-1649-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1649-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20161
 
Oval ID: oval:org.mitre.oval:def:20161
Title: DSA-1671-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1671-1
CVE-2008-0017
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20284
 
Oval ID: oval:org.mitre.oval:def:20284
Title: DSA-1607-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1607-1
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2811
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22266
 
Oval ID: oval:org.mitre.oval:def:22266
Title: ELSA-2008:0616: thunderbird security update (Moderate)
Description: The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
Family: unix Class: patch
Reference(s): ELSA-2008:0616-01
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
Version: 57
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22483
 
Oval ID: oval:org.mitre.oval:def:22483
Title: ELSA-2008:0879: firefox security update (Critical)
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: patch
Reference(s): ELSA-2008:0879-01
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
Version: 45
Platform(s): Oracle Linux 5
Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22544
 
Oval ID: oval:org.mitre.oval:def:22544
Title: ELSA-2009:0002: thunderbird security update (Moderate)
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: patch
Reference(s): ELSA-2009:0002-01
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 45
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22654
 
Oval ID: oval:org.mitre.oval:def:22654
Title: ELSA-2008:0569: firefox security update (Critical)
Description: The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
Family: unix Class: patch
Reference(s): ELSA-2008:0569-01
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
Version: 53
Platform(s): Oracle Linux 5
Product(s): devhelp
firefox
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22664
 
Oval ID: oval:org.mitre.oval:def:22664
Title: ELSA-2008:0908: thunderbird security update (Moderate)
Description: Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
Family: unix Class: patch
Reference(s): ELSA-2008:0908-01
CVE-2008-0016
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
Version: 53
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22738
 
Oval ID: oval:org.mitre.oval:def:22738
Title: ELSA-2008:1036: firefox security update (Critical)
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: patch
Reference(s): ELSA-2008:1036-01
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5505
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 49
Platform(s): Oracle Linux 5
Product(s): firefox
nspr
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28693
 
Oval ID: oval:org.mitre.oval:def:28693
Title: RHSA-2008:0908 -- thunderbird security update (Moderate)
Description: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)
Family: unix Class: patch
Reference(s): RHSA-2008:0908
CESA-2008:0908-CentOS 5
CVE-2008-0016
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28716
 
Oval ID: oval:org.mitre.oval:def:28716
Title: RHSA-2008:0616 -- thunderbird security update (Moderate)
Description: Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Family: unix Class: patch
Reference(s): RHSA-2008:0616
CESA-2008:0616-CentOS 5
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29008
 
Oval ID: oval:org.mitre.oval:def:29008
Title: RHSA-2008:0879 -- firefox security update (Critical)
Description: All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:0879
CESA-2008:0879-CentOS 5
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29028
 
Oval ID: oval:org.mitre.oval:def:29028
Title: RHSA-2008:0569 -- firefox security update (Critical)
Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Family: unix Class: patch
Reference(s): RHSA-2008:0569
CESA-2008:0569-CentOS 5
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): devhelp
firefox
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29201
 
Oval ID: oval:org.mitre.oval:def:29201
Title: RHSA-2009:0002 -- thunderbird security update (Moderate)
Description: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513)
Family: unix Class: patch
Reference(s): RHSA-2009:0002
CESA-2009:0002-CentOS 5
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29215
 
Oval ID: oval:org.mitre.oval:def:29215
Title: RHSA-2008:1036 -- firefox security update (Critical)
Description: Note: after the errata packages are installed, Firefox must be restarted for the update to take effect. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:1036
CESA-2008:1036-CentOS 5
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5505
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
nspr
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29237
 
Oval ID: oval:org.mitre.oval:def:29237
Title: RHSA-2008:0978 -- firefox security update (Critical)
Description: All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:0978
CESA-2008:0978-CentOS 5
CVE-2008-0017
CVE-2008-5014
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
nss
devhelp
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7461
 
Oval ID: oval:org.mitre.oval:def:7461
Title: DSA-1614 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1614
CVE-2008-2785
CVE-2008-2933
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7564
 
Oval ID: oval:org.mitre.oval:def:7564
Title: DSA-1621 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. "moz_bug_r_a4" discovered that XUL documents can escalate privileges by accessing the pre-compiled "fastload" file. "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings secure connections. Greg McManus discovered discovered a crash in the block reflow code, which might allow the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1. Packages for s390 are not yet available and will be provided later. For the unstable distribution (sid), these problems have been fixed in version 2.0.0.16-1. We recommend that you upgrade your icedove package.
Family: unix Class: patch
Reference(s): DSA-1621
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2802
CVE-2008-2803
CVE-2008-2807
CVE-2008-2809
CVE-2008-2811
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7636
 
Oval ID: oval:org.mitre.oval:def:7636
Title: DSA-1704 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1704
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7657
 
Oval ID: oval:org.mitre.oval:def:7657
Title: DSA-1649 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. moz_bug_r_a4 discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory.
Family: unix Class: patch
Reference(s): DSA-1649
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7740
 
Oval ID: oval:org.mitre.oval:def:7740
Title: DSA-1669 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents.
Family: unix Class: patch
Reference(s): DSA-1669
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-0017
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7805
 
Oval ID: oval:org.mitre.oval:def:7805
Title: DSA-1707 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. (MFSA 2008-62) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms (MFSA 2008-67) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. (MFSA 2008-69)
Family: unix Class: patch
Reference(s): DSA-1707
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7950
 
Oval ID: oval:org.mitre.oval:def:7950
Title: DSA-1697 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. (MFSA 2008-23) "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. (MFSA 2008-24) "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. (MFSA 2008-27) Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. (MFSA 2008-31) It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1697
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8021
 
Oval ID: oval:org.mitre.oval:def:8021
Title: DSA-1696 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44) It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1696
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8044
 
Oval ID: oval:org.mitre.oval:def:8044
Title: DSA-1615 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. moz_bug_r_a4 discovered several cross-site scripting vulnerabilities. Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context of signed JAR archives. moz_bug_r_a4 discovered that XUL documents can escalate privileges by accessing the pre-compiled fastload file. moz_bug_r_a4 discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1615
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2811
CVE-2008-2933
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8140
 
Oval ID: oval:org.mitre.oval:def:8140
Title: DSA-1671 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents.
Family: unix Class: patch
Reference(s): DSA-1671
CVE-2008-0017
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8196
 
Oval ID: oval:org.mitre.oval:def:8196
Title: DSA-1607 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context of signed JAR archives. "moz_bug_r_a4" discovered that XUL documents can escalate privileges by accessing the pre-compiled "fastload" file. "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings secure connections. Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1607
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2811
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8880
 
Oval ID: oval:org.mitre.oval:def:8880
Title: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug."
Description: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4066
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9063
 
Oval ID: oval:org.mitre.oval:def:9063
Title: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Description: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5024
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9157
 
Oval ID: oval:org.mitre.oval:def:9157
Title: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
Description: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5014
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9376
 
Oval ID: oval:org.mitre.oval:def:9376
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5507
Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9386
 
Oval ID: oval:org.mitre.oval:def:9386
Title: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
Description: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2800
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9432
 
Oval ID: oval:org.mitre.oval:def:9432
Title: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.
Description: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2807
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9529
 
Oval ID: oval:org.mitre.oval:def:9529
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4059
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9642
 
Oval ID: oval:org.mitre.oval:def:9642
Title: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
Description: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5021
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9643
 
Oval ID: oval:org.mitre.oval:def:9643
Title: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Description: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3835
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9660
 
Oval ID: oval:org.mitre.oval:def:9660
Title: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
Description: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5013
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9662
 
Oval ID: oval:org.mitre.oval:def:9662
Title: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Description: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5510
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9668
 
Oval ID: oval:org.mitre.oval:def:9668
Title: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
Description: Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2808
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9679
 
Oval ID: oval:org.mitre.oval:def:9679
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4058
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9814
 
Oval ID: oval:org.mitre.oval:def:9814
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5512
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9865
 
Oval ID: oval:org.mitre.oval:def:9865
Title: The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
Description: The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2811
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9872
 
Oval ID: oval:org.mitre.oval:def:9872
Title: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5018
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9900
 
Oval ID: oval:org.mitre.oval:def:9900
Title: Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Description: Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2785
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9908
 
Oval ID: oval:org.mitre.oval:def:9908
Title: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
Description: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5023
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9950
 
Oval ID: oval:org.mitre.oval:def:9950
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3837
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 157
Application 35
Application 83
Application 1
Os 7
Os 2

SAINT Exploits

Description Link
Mozilla Firefox UTF-8 URL buffer overflow More info here

ExploitDB Exploits

id Description
2009-09-14 Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0002 centos4 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0002 centos5 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos5_i386.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox0.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox1.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox4.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox5.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox6.nasl
2009-10-13 Name : SLES10: Security update for Epiphany
File : nvt/sles10_epiphany.nasl
2009-10-13 Name : SLES10: Security update for Mozilla
File : nvt/sles10_gecko-sdk.nasl
2009-10-13 Name : SLES10: Security update for gecko-sdk and mozilla-xulrunner
File : nvt/sles10_gecko-sdk0.nasl
2009-10-10 Name : SLES9: Security update for Epiphany and Mozilla
File : nvt/sles9p5036604.nasl
2009-10-10 Name : SLES9: Security update for Epiphany
File : nvt/sles9p5040940.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125539-06
File : nvt/gb_solaris_125539_06.nasl
2009-06-03 Name : Solaris Update for Mozilla Firefox Web browser 125540-06
File : nvt/gb_solaris_125540_06.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125541-04
File : nvt/gb_solaris_125541_04.nasl
2009-06-03 Name : Solaris Update for Mozilla Thunderbird email client 125542-04
File : nvt/gb_solaris_125542_04.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:136 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_136.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:148 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_148.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_155.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155-1 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_155_1.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:205 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_205.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_206.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_228.nasl
2009-04-09 Name : Mandriva Update for firefox MDVSA-2008:230 (firefox)
File : nvt/gb_mandriva_MDVSA_2008_230.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:235 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_235.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:244 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_244.nasl
2009-04-09 Name : Mandriva Update for firefox MDVSA-2008:245 (firefox)
File : nvt/gb_mandriva_MDVSA_2008_245.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-619-1
File : nvt/gb_ubuntu_USN_619_1.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-623-1
File : nvt/gb_ubuntu_USN_623_1.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-626-1
File : nvt/gb_ubuntu_USN_626_1.nasl
2009-03-23 Name : Ubuntu Update for devhelp, epiphany-browser, midbrowser, yelp update USN-626-2
File : nvt/gb_ubuntu_USN_626_2.nasl
2009-03-23 Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-629-1
File : nvt/gb_ubuntu_USN_629_1.nasl
2009-03-23 Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1
File : nvt/gb_ubuntu_USN_645_1.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-645-2
File : nvt/gb_ubuntu_USN_645_2.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3
File : nvt/gb_ubuntu_USN_645_3.nasl
2009-03-23 Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1
File : nvt/gb_ubuntu_USN_647_1.nasl
2009-03-23 Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1
File : nvt/gb_ubuntu_USN_667_1.nasl
2009-03-23 Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-668-1
File : nvt/gb_ubuntu_USN_668_1.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1
File : nvt/gb_ubuntu_USN_690_1.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-690-2
File : nvt/gb_ubuntu_USN_690_2.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-690-3
File : nvt/gb_ubuntu_USN_690_3.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0547-01
File : nvt/gb_RHSA-2008_0547-01_seamonkey.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0549-01
File : nvt/gb_RHSA-2008_0549-01_firefox.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0569-01
File : nvt/gb_RHSA-2008_0569-01_firefox.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0597-01
File : nvt/gb_RHSA-2008_0597-01_firefox.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0598-02
File : nvt/gb_RHSA-2008_0598-02_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0599-01
File : nvt/gb_RHSA-2008_0599-01_seamonkey.nasl
2009-03-06 Name : RedHat Update for thunderbird RHSA-2008:0616-01
File : nvt/gb_RHSA-2008_0616-01_thunderbird.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0879-01
File : nvt/gb_RHSA-2008_0879-01_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0882-01
File : nvt/gb_RHSA-2008_0882-01_seamonkey.nasl
2009-03-06 Name : RedHat Update for thunderbird RHSA-2008:0908-01
File : nvt/gb_RHSA-2008_0908-01_thunderbird.nasl
2009-03-06 Name : RedHat Update for thunderbird RHSA-2008:0976-01
File : nvt/gb_RHSA-2008_0976-01_thunderbird.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0977-01
File : nvt/gb_RHSA-2008_0977-01_seamonkey.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0978-01
File : nvt/gb_RHSA-2008_0978-01_firefox.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:1036-01
File : nvt/gb_RHSA-2008_1036-01_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:1037-01
File : nvt/gb_RHSA-2008_1037-01_seamonkey.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0547-01 centos2 i386
File : nvt/gb_CESA-2008_0547-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0547 centos3 i386
File : nvt/gb_CESA-2008_0547_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0547 centos3 x86_64
File : nvt/gb_CESA-2008_0547_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0547 centos4 i386
File : nvt/gb_CESA-2008_0547_seamonkey_centos4_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64
File : nvt/gb_CESA-2008_0547_seamonkey_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0549 centos3 i386
File : nvt/gb_CESA-2008_0549_firefox_centos3_i386.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0549 centos3 x86_64
File : nvt/gb_CESA-2008_0549_firefox_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0549 centos4 i386
File : nvt/gb_CESA-2008_0549_firefox_centos4_i386.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0549 centos4 x86_64
File : nvt/gb_CESA-2008_0549_firefox_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0598 centos3 i386
File : nvt/gb_CESA-2008_0598_firefox_centos3_i386.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0598 centos3 x86_64
File : nvt/gb_CESA-2008_0598_firefox_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0599-01 centos2 i386
File : nvt/gb_CESA-2008_0599-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0599 centos3 i386
File : nvt/gb_CESA-2008_0599_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0599 centos3 x86_64
File : nvt/gb_CESA-2008_0599_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386
File : nvt/gb_CESA-2008_0882-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 i386
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 i386
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_i386.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0976 centos4 i386
File : nvt/gb_CESA-2008_0976_thunderbird_centos4_i386.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0976 centos4 x86_64
File : nvt/gb_CESA-2008_0976_thunderbird_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0977-01 centos2 i386
File : nvt/gb_CESA-2008_0977-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0977 centos3 i386
File : nvt/gb_CESA-2008_0977_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0977 centos3 x86_64
File : nvt/gb_CESA-2008_0977_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0977 centos4 i386
File : nvt/gb_CESA-2008_0977_seamonkey_centos4_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0977 centos4 x86_64
File : nvt/gb_CESA-2008_0977_seamonkey_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0978 centos4 i386
File : nvt/gb_CESA-2008_0978_firefox_centos4_i386.nasl
2009-02-27 Name : CentOS Update for firefox CESA-2008:0978 centos4 x86_64
File : nvt/gb_CESA-2008_0978_firefox_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037-01 centos2 i386
File : nvt/gb_CESA-2008_1037-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037 centos3 i386
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037 centos3 x86_64
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_x86_64.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_blam_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_gnome-web-photo_fc8.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_gtkmozembedmm_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-6127
File : nvt/gb_fedora_2008_6127_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-6193
File : nvt/gb_fedora_2008_6193_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-6196
File : nvt/gb_fedora_2008_6196_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_blam_fc8.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_cairo-dock_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_gnome-web-photo_fc8.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_gtkmozembedmm_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-6491
File : nvt/gb_fedora_2008_6491_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-6517
File : nvt/gb_fedora_2008_6517_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_devhelp_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_epiphany-extensions_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_epiphany_fc9.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_firefox_fc9.nasl
2009-02-17 Name : Fedora Update for xulrunner FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_xulrunner_fc9.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-6518
File : nvt/gb_fedora_2008_6518_yelp_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-6519
File : nvt/gb_fedora_2008_6519_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-6706
File : nvt/gb_fedora_2008_6706_thunderbird_fc8.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-6737
File : nvt/gb_fedora_2008_6737_thunderbird_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_blam_fc8.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_cairo-dock_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_evolution-rss_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-web-photo_fc8.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gtkmozembedmm_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8401
File : nvt/gb_fedora_2008_8401_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_Miro_fc9.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_blam_fc9.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_cairo-dock_fc9.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_chmsee_fc9.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_devhelp_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany-extensions_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany_fc9.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_evolution-rss_fc9.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_firefox_fc9.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_galeon_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-python2-extras_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-web-photo_fc9.nasl
2009-02-17 Name : Fedora Update for google-gadgets FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_google-gadgets_fc9.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gtkmozembedmm_fc9.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_kazehakase_fc9.nasl
2009-02-17 Name : Fedora Update for mozvoikko FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mozvoikko_fc9.nasl
2009-02-17 Name : Fedora Update for mugshot FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mugshot_fc9.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_ruby-gnome2_fc9.nasl
2009-02-17 Name : Fedora Update for totem FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_totem_fc9.nasl
2009-02-17 Name : Fedora Update for xulrunner FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_xulrunner_fc9.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_yelp_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8429
File : nvt/gb_fedora_2008_8429_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_blam_fc8.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_cairo-dock_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_evolution-rss_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_gnome-web-photo_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-9667
File : nvt/gb_fedora_2008_9667_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_Miro_fc9.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_cairo-dock_fc9.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_chmsee_fc9.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_devhelp_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_epiphany-extensions_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_epiphany_fc9.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_evolution-rss_fc9.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_firefox_fc9.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_galeon_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_gnome-python2-extras_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_gnome-web-photo_fc9.nasl
2009-02-17 Name : Fedora Update for google-gadgets FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_google-gadgets_fc9.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_gtkmozembedmm_fc9.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_kazehakase_fc9.nasl
2009-02-17 Name : Fedora Update for mozvoikko FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_mozvoikko_fc9.nasl
2009-02-17 Name : Fedora Update for mugshot FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_mugshot_fc9.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_ruby-gnome2_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for totem FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_totem_fc9.nasl
2009-02-17 Name : Fedora Update for xulrunner FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_xulrunner_fc9.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-9669
File : nvt/gb_fedora_2008_9669_yelp_fc9.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9807
File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9859
File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9901
File : nvt/gb_fedora_2008_9901_thunderbird_fc10.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11490
File : nvt/gb_fedora_2008_11490_seamonkey_fc10.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_Miro_fc10.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_blam_fc10.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_devhelp_fc10.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany-extensions_fc10.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany_fc10.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_evolution-rss_fc10.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_firefox_fc10.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_galeon_fc10.nasl
2009-02-13 Name : Fedora Update for gecko-sharp2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gecko-sharp2_fc10.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-python2-extras_fc10.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-web-photo_fc10.nasl
2009-02-13 Name : Fedora Update for google-gadgets FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_google-gadgets_fc10.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_kazehakase_fc10.nasl
2009-02-13 Name : Fedora Update for mozvoikko FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mozvoikko_fc10.nasl
2009-02-13 Name : Fedora Update for mugshot FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mugshot_fc10.nasl
2009-02-13 Name : Fedora Update for pcmanx-gtk2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_pcmanx-gtk2_fc10.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_ruby-gnome2_fc10.nasl
2009-02-13 Name : Fedora Update for xulrunner FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_xulrunner_fc10.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_yelp_fc10.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11534
File : nvt/gb_fedora_2008_11534_seamonkey_fc8.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_Miro_fc8.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_blam_fc8.nasl
2009-02-13 Name : Fedora Update for cairo-dock FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_cairo-dock_fc8.nasl
2009-02-13 Name : Fedora Update for chmsee FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_chmsee_fc8.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_devhelp_fc8.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany-extensions_fc8.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany_fc8.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_evolution-rss_fc8.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_firefox_fc8.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_galeon_fc8.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-python2-extras_fc8.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-web-photo_fc8.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_kazehakase_fc8.nasl
2009-02-13 Name : Fedora Update for liferea FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_liferea_fc8.nasl
2009-02-13 Name : Fedora Update for openvrml FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_openvrml_fc8.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_ruby-gnome2_fc8.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_yelp_fc8.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11586
File : nvt/gb_fedora_2008_11586_seamonkey_fc9.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_Miro_fc9.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_blam_fc9.nasl
2009-02-13 Name : Fedora Update for cairo-dock FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_cairo-dock_fc9.nasl
2009-02-13 Name : Fedora Update for chmsee FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_chmsee_fc9.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_devhelp_fc9.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany-extensions_fc9.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany_fc9.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_evolution-rss_fc9.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_firefox_fc9.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_galeon_fc9.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-python2-extras_fc9.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-web-photo_fc9.nasl
2009-02-13 Name : Fedora Update for google-gadgets FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_google-gadgets_fc9.nasl
2009-02-13 Name : Fedora Update for gtkmozembedmm FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gtkmozembedmm_fc9.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_kazehakase_fc9.nasl
2009-02-13 Name : Fedora Update for mozvoikko FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mozvoikko_fc9.nasl
2009-02-13 Name : Fedora Update for mugshot FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mugshot_fc9.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_ruby-gnome2_fc9.nasl
2009-02-13 Name : Fedora Update for totem FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_totem_fc9.nasl
2009-02-13 Name : Fedora Update for xulrunner FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_xulrunner_fc9.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_yelp_fc9.nasl
2009-02-13 Name : Ubuntu USN-717-3 (firefox)
File : nvt/ubuntu_717_3.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox SUSE-SA:2008:034
File : nvt/gb_suse_2008_034.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:...
File : nvt/gb_suse_2008_050.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2008:055
File : nvt/gb_suse_2008_055.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:058
File : nvt/gb_suse_2008_058.nasl
2009-01-20 Name : Debian Security Advisory DSA 1704-1 (xulrunner)
File : nvt/deb_1704_1.nasl
2009-01-20 Name : Debian Security Advisory DSA 1707-1 (iceweasel)
File : nvt/deb_1707_1.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
File : nvt/mdksa_2009_012.nasl
2009-01-20 Name : SuSE Security Advisory SUSE-SA:2009:002 (MozillaFirefox,MozillaThunderbird,mo...
File : nvt/suse_sa_2009_002.nasl
2009-01-20 Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl
2009-01-13 Name : Debian Security Advisory DSA 1696-1 (icedove)
File : nvt/deb_1696_1.nasl
2009-01-13 Name : Debian Security Advisory DSA 1697-1 (iceape)
File : nvt/deb_1697_1.nasl
2009-01-13 Name : CentOS Security Advisory CESA-2009:0002 (thunderbird)
File : nvt/ovcesa2009_0002.nasl
2009-01-13 Name : Ubuntu USN-701-1 (thunderbird)
File : nvt/ubuntu_701_1.nasl
2009-01-13 Name : Ubuntu USN-701-2 (mozilla-thunderbird)
File : nvt/ubuntu_701_2.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2009:0002
File : nvt/RHSA_2009_0002.nasl
2008-12-23 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox36.nasl
2008-12-23 Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_firefox_mult_vuln_dec08_lin.nasl
2008-12-23 Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_firefox_mult_vuln_dec08_win.nasl
2008-12-23 Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_seamonkey_mult_vuln_dec08_lin.nasl
2008-12-23 Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_seamonkey_mult_vuln_dec08_win.nasl
2008-12-23 Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_thunderbird_mult_vuln_dec08_lin.nasl
2008-12-23 Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_thunderbird_mult_vuln_dec08_win.nasl
2008-12-03 Name : Debian Security Advisory DSA 1671-1 (iceweasel)
File : nvt/deb_1671_1.nasl
2008-11-24 Name : Debian Security Advisory DSA 1669-1 (xulrunner)
File : nvt/deb_1669_1.nasl
2008-11-21 Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Linux)
File : nvt/gb_firefox_mult_vuln_nov08_lin.nasl
2008-11-21 Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Win)
File : nvt/gb_firefox_mult_vuln_nov08_win.nasl
2008-11-21 Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux)
File : nvt/gb_seamonkey_mult_vuln_nov08_lin.nasl
2008-11-21 Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Win)
File : nvt/gb_seamonkey_mult_vuln_nov08_win.nasl
2008-11-21 Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Linux)
File : nvt/gb_thunderbird_mult_vuln_nov08_lin.nasl
2008-11-21 Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Win)
File : nvt/gb_thunderbird_mult_vuln_nov08_win.nasl
2008-11-19 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox35.nasl
2008-11-01 Name : Debian Security Advisory DSA 1649-1 (iceweasel)
File : nvt/deb_1649_1.nasl
2008-10-17 Name : Firefox .url Shortcut File Information Disclosure Vulnerability
File : nvt/gb_firefox_url_file_info_dis_vuln.nasl
2008-10-07 Name : Mozilla Firefox Multiple Vulnerability July-08 (Linux)
File : nvt/gb_firefox_mult_vuln_july08_lin.nasl
2008-10-07 Name : Mozilla Seamonkey Multiple Vulnerability July-08 (Linux)
File : nvt/gb_seamonkey_mult_vuln_july08_lin.nasl
2008-10-07 Name : Mozilla Thunderbird Multiple Vulnerability July-08 (Linux)
File : nvt/gb_thunderbird_mult_vuln_july08_lin.nasl
2008-10-06 Name : Mozilla Firefox Multiple Vulnerability July-08 (Win)
File : nvt/gb_firefox_mult_vuln_july08_win.nasl
2008-10-06 Name : Mozilla Seamonkey Multiple Vulnerability July-08 (Win)
File : nvt/gb_seamonkey_mult_vuln_july08_win.nasl
2008-10-06 Name : Mozilla Thunderbird Multiple Vulnerability July-08 (Win)
File : nvt/gb_thunderbird_mult_vuln_july08_win.nasl
2008-09-24 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox34.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...)
File : nvt/glsa_200808_03.nasl
2008-08-15 Name : Debian Security Advisory DSA 1614-1 (iceweasel)
File : nvt/deb_1614_1.nasl
2008-08-15 Name : Debian Security Advisory DSA 1615-1 (xulrunner)
File : nvt/deb_1615_1.nasl
2008-08-15 Name : Debian Security Advisory DSA 1621-1 (icedove)
File : nvt/deb_1621_1.nasl
2008-07-15 Name : Debian Security Advisory DSA 1607-1 (iceweasel)
File : nvt/deb_1607_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-191-03 seamonkey
File : nvt/esoft_slk_ssa_2008_191_03.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-198-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2008_198_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-198-02 seamonkey
File : nvt/esoft_slk_ssa_2008_198_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-210-05 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2008_210_05.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2008_269_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-02 seamonkey
File : nvt/esoft_slk_ssa_2008_269_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-270-01 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2008_270_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56782 Mozilla Firefox feedWriter Feed Preview Multiple Function Remote Script Execu...

51297 Mozilla Firefox session-restore Data Restoration Same-origin Policy Bypass

51296 Mozilla Multiple Products XPCNativeWrappers Pollution JavaScript Privilege Es...

51295 Mozilla Multiple Products XBL Binding Unloaded Document XSS

51294 Mozilla Multiple Products CSS Parser Escaped Null Character Protection Mechan...

51293 Mozilla Multiple Products Whitespace / Control Character URL Handling Phishin...

51292 Mozilla Multiple Products window.onerror DOM API Same-origin Policy Bypass In...

51291 Mozilla Multiple Products XMLHttpRequest 302 Redirect Same-origin Policy Bypa...

51290 Mozilla Firefox XUL Persist Attribute User Privacy Restriction Bypass

51289 Mozilla Firefox Feed Preview JavaScript Privilege Escalation

51288 Mozilla Multiple Product loadBindingDocument Function XBL Binding Same-domain...

51287 Mozilla Multiple Products Layout Engine FastAppendChar Function Memory Corrup...

51286 Mozilla Multiple Products Layout Engine Assertion Failure Remote DoS

51285 Mozilla Multiple Products Layout Engine nsEscapeHTML2 Overflow

51284 Mozilla Multiple Products Layout Engine PresShell::InitialReflow XUL iframe O...

50210 Mozilla Multiple Products Layout Engine Multiple Function DoS

50182 Mozilla Multiple Products Codebase Principals Protection Mechanism Bypass Sig...

50181 Mozilla Multiple Products nsXMLHttpRequest::NotifyEventListeners Method Same-...

50179 Mozilla Multiple Products nsFrameManager File Input Element Modification Blur...

50178 Mozilla Multiple Products Session Restore Feature Same-origin Policy Bypass C...

50177 Mozilla Multiple Products JavaScript Engine Date Class Unspecified Remote DoS

50176 Mozilla Multiple Products Browser Engine xpcom/io/nsEscape.cpp Unspecified Ov...

50142 Mozilla Firefox file: URI Chrome Privileges Same Tab Access Local System Save...

50141 Mozilla Multiple Products jslock.cpp OBJ_IS_NATIVE Function Non-Native Object...

50140 Mozilla Multiple Products Flash Module SWF File Dynamic Unloading Arbitrary R...

50139 Mozilla Multiple Products Canvas Element Handling Same-policy Origin Bypass

49995 Mozilla Multiple Products EX4 Document Handling Remote XML Injection

49925 Mozilla Multiple Products http-index-format MIME Type Parser Crafted Index Re...

49073 Mozilla Multiple Products HTML Element .url Shortcut File Arbitrary Cache Dis...

48780 Mozilla Multiple Products URL Parsing Implementation Crafted UTF-8 URL Arbitr...

48779 Mozilla Multiple Products XBM Decoder Image File Handling Arbitrary Memory Di...

48773 Mozilla Multiple Product nsXMLDocument::OnChannelRedirect Function Same Origi...

48772 Mozilla Multiple Products News Article Header Handling Overflow

48771 Mozilla Firefox HTML Escaped Low Surrogates XSS

48770 Mozilla Firefox XPConnect Component SCRIPT Element Privileged Code Execution

48769 Mozilla Multiple Products resource URI Traversal Access Restriction Bypass

48768 Mozilla Multiple Products window.moveBy Crafted onmousedown drag-and-drop Act...

48767 Mozilla Firefox nsSVGFilters.cpp nsSVGFEGaussianBlurElement::SetupPredivide F...

48766 Mozilla Firefox nsPNGDecoder.cpp info_callback Function Animated PNG Data Han...

48765 Mozilla Firefox cairo_surface_set_device_offset Function alert messagebox Han...

48764 Mozilla Firefox nsFrameList::SortByContentOrder Function Memory Corruption

48763 Mozilla Firefox indic IME Extension Memory Corruption

48762 Mozilla Firefox nsContentList::Item Function this Variable Memory Corruption

48761 Mozilla Multiple Products on Linux URL-encoded resource URI Traversal Arbitra...

48760 Mozilla Multiple Products Stripped BOM Character XSS

48759 Mozilla Multiple Products MathML Component rowspan Attribute Handling Memory ...

48751 Mozilla Multiple Products nsJSNPRuntime.cpp nsNPObjWrapper::GetNewOrUsed Func...

48750 Mozilla Multiple Products nsEscape.cpp nsEscapeCount Function Memory Corruption

48749 Mozilla Multiple Products jsxml.c Namespace / Qname Characteristic Handling M...

48748 Mozilla Multiple Products XSLT Arbitrary Script Execution

48747 Mozilla Multiple Products document.loadBindingDocument() Arbitrary Script Exe...

48746 Mozilla Multiple Products XPCNativeWrappers Pollution Arbitrary Code Execution

47466 Mozilla Firefox on Mac OS X GIF File Handling Arbitrary Code Execution

47465 Mozilla Firefox Command-line URI Handling Pipe Character Arbitrary File Access

46688 Mozilla Multiple Browser XMLHttpRequest / onreadystatechange Handler XSS

46687 Mozilla Multiple Browser Unloaded Document script Element XSS

46686 Mozilla Multiple Browser nsXMLHttpRequest::OnChannelRedirect() Function Same-...

46685 Mozilla Multiple Browser Outer Window Event Handler XUL Element XSS

46684 Mozilla Multiple Browser Signed JAR JavaScript Injection

46683 Mozilla Multiple Product Non-priviliged XUL Documents chrome: Privilege Escal...

46682 Mozilla Multiple Product mozIJSSubScriptLoader.LoadScript() Arbitrary Code Ex...

46681 Mozilla Multiple Browser originalTarget / DOM Range Arbitrary File Upload

46679 Mozilla Multiple Browser Add-on .properties File Arbitrary Memory Disclosure

46678 Mozilla Multiple Browser Directory Listing File Name XSS

46677 Mozilla Multiple Product Peer-trusted Certificate Alternate Name Spoofing

46675 Mozilla Multiple Product Engine Block Reflow Code Arbitrary Code Execution

46421 Mozilla Firefox CSSValue Array Memory Corruption

Snort® IPS/IDS

Date Description
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43749 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43748 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43673 - Revision : 3 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43672 - Revision : 3 - Type : BROWSER-FIREFOX
2016-10-25 Mozilla Firefox file type memory corruption attempt
RuleID : 40280 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla multiple products CSSValue array memory corruption attempt
RuleID : 17630 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox file type memory corruption attempt
RuleID : 17603 - Revision : 10 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox file type memory corruption attempt
RuleID : 17601 - Revision : 15 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
RuleID : 17519 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Animated PNG Processing integer overflow attempt
RuleID : 17379 - Revision : 14 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Animated PNG Processing integer overflow attempt
RuleID : 17378 - Revision : 15 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla CSS value counter overflow attempt
RuleID : 16292 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox animated PNG processing integer overflow
RuleID : 15191 - Revision : 11 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0547.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0549.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0569.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0597.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0598.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0599.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0616.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0976.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0977.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0978.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-3.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-3.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080702_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080702_firefox_on_SL_5_2.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080702_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080716_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080723_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20081001_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081112_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081112_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20081119_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090107_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0569.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0616.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12326.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5826.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5890.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_epiphany-5889.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gecko-sdk-5813.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-080731.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081124.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-080912.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-081003.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-081124.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081122.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-080912.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081003.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081122.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner181-081219.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11490.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11511.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9901.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-136.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-148.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-155.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-205.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-206.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-228.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-230.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-235.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-244.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-245.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-012.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-3.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-647-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-667-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-668-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-2.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-1.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1707.nasl - Type : ACT_GATHER_INFO
2009-01-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1704.nasl - Type : ACT_GATHER_INFO
2009-01-09 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5900.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5885.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5881.nasl - Type : ACT_GATHER_INFO
2009-01-02 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20019.nasl - Type : ACT_GATHER_INFO
2008-12-22 Name : The remote Windows host contains a web browser that is affected by a cross do...
File : mozilla_firefox_20020.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11534.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11551.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11586.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11598.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_29f5bfc5ce0411dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5880.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20019.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_305.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1114.nasl - Type : ACT_GATHER_INFO
2008-11-26 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gecko-sdk-5811.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1671.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5812.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5825.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5820.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5815.nasl - Type : ACT_GATHER_INFO
2008-11-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO
2008-11-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5786.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO
2008-11-20 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20018.nasl - Type : ACT_GATHER_INFO
2008-11-16 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-9667.nasl - Type : ACT_GATHER_INFO
2008-11-16 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-9669.nasl - Type : ACT_GATHER_INFO
2008-11-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f29fea8fb19f11dda55e00163e000016.nasl - Type : ACT_GATHER_INFO
2008-11-13 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20018.nasl - Type : ACT_GATHER_INFO
2008-11-13 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_304.nasl - Type : ACT_GATHER_INFO
2008-11-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO
2008-11-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO
2008-11-13 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1113.nasl - Type : ACT_GATHER_INFO
2008-10-16 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5680.nasl - Type : ACT_GATHER_INFO
2008-10-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1649.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gecko-sdk-5654.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5656.nasl - Type : ACT_GATHER_INFO
2008-10-07 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5657.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5655.nasl - Type : ACT_GATHER_INFO
2008-10-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5640.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5644.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8399.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8401.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8425.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8429.nasl - Type : ACT_GATHER_INFO
2008-09-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-270-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-02.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20017.nasl - Type : ACT_GATHER_INFO
2008-09-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20017.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1112.nasl - Type : ACT_GATHER_INFO
2008-09-14 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5599.nasl - Type : ACT_GATHER_INFO
2008-09-14 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5600.nasl - Type : ACT_GATHER_INFO
2008-08-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6706.nasl - Type : ACT_GATHER_INFO
2008-08-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6737.nasl - Type : ACT_GATHER_INFO
2008-08-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO
2008-08-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-626-2.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-210-05.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5449.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5450.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-626-1.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1621.nasl - Type : ACT_GATHER_INFO
2008-07-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-629-1.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1614.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1615.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20016.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0616.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-198-01.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-198-02.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-6491.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6517.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-6518.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6519.nasl - Type : ACT_GATHER_INFO
2008-07-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-623-1.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0599.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_301.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO
2008-07-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0599.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20016.nasl - Type : ACT_GATHER_INFO
2008-07-16 Name : A web browser on the remote host is affected by a code execution vulnerability.
File : seamonkey_1111.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1607.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5405.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5411.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-191-03.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6193.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6196.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0547.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0549.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-6127.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0547.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0549.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0569.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-619-1.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20015.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1110.nasl - Type : ACT_GATHER_INFO