Executive Summary

Summary
Title Sun Alert 272909 Multiple Security Vulnerabilities in Firefox Versions Before 3.5.5 May Allow Execution of Arbitrary Code or Unauthorized Access to Certain Data
Information
Name SUN-272909 First vendor Publication 2009-11-24
Vendor Sun Last vendor Modification 2009-11-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 10 Authentication None Required

Detail

Product: OpenSolaris

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5.3 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to steal content from the "History" or "Smart Location" bar, or to possibly execute arbitrary code on the system where Firefox is being run. Further vulnerabilities may allow a remote user to run malicious JavaScript at Chrome privileges or perform a cross-origin data theft.

The following Mozilla advisories describe the vulnerabilities:

MFSA 2009-64 at http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
MFSA 2009-63 at http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
MFSA 2009-62 at http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
MFSA 2009-61 at http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
MFSA 2009-59 at http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
MFSA 2009-57 at http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
MFSA 2009-56 at http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
MFSA 2009-55 at http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
MFSA 2009-54 at http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
MFSA 2009-53 at http://www.mozilla.org/security/announce/2009/mfsa2009-53.html
MFSA 2009-52 at http://www.mozilla.org/security/announce/2009/mfsa2009-52.html


The following are the CVE identifiers that pertain to these security issues:

CVE-2009-3383 at http://www.security-database.com/detail.php?cve=CVE-2009-3383
CVE-2009-3382 at http://www.security-database.com/detail.php?cve=CVE-2009-3382
CVE-2009-3381 at http://www.security-database.com/detail.php?cve=CVE-2009-3381
CVE-2009-3380 at http://www.security-database.com/detail.php?cve=CVE-2009-3380
CVE-2009-3379 at http://www.security-database.com/detail.php?cve=CVE-2009-3379
CVE-2009-3378 at http://www.security-database.com/detail.php?cve=CVE-2009-3378
CVE-2009-3377 at http://www.security-database.com/detail.php?cve=CVE-2009-3377
CVE-2009-3376 at http://www.security-database.com/detail.php?cve=CVE-2009-3376
CVE-2009-3375 at http://www.security-database.com/detail.php?cve=CVE-2009-3375
CVE-2009-1563 at http://www.security-database.com/detail.php?cve=CVE-2009-1563
CVE-2009-3374 at http://www.security-database.com/detail.php?cve=CVE-2009-3374
CVE-2009-3373 at http://www.security-database.com/detail.php?cve=CVE-2009-3373
CVE-2009-3372 at http://www.security-database.com/detail.php?cve=CVE-2009-3372
CVE-2009-3371 at http://www.security-database.com/detail.php?cve=CVE-2009-3371
CVE-2009-3274 at http://www.security-database.com/detail.php?cve=CVE-2009-3274
CVE-2009-3370 at http://www.security-database.com/detail.php?cve=CVE-2009-3370


State: Resolved
First released: 24-Nov-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_272909_multiple_security

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-399 Resource Management Errors
17 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10440
 
Oval ID: oval:org.mitre.oval:def:10440
Title: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3375
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10684
 
Oval ID: oval:org.mitre.oval:def:10684
Title: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Description: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3373
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10836
 
Oval ID: oval:org.mitre.oval:def:10836
Title: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Description: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3370
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10977
 
Oval ID: oval:org.mitre.oval:def:10977
Title: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3372
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10993
 
Oval ID: oval:org.mitre.oval:def:10993
Title: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Description: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3379
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11218
 
Oval ID: oval:org.mitre.oval:def:11218
Title: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3376
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11219
 
Oval ID: oval:org.mitre.oval:def:11219
Title: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Description: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3382
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12897
 
Oval ID: oval:org.mitre.oval:def:12897
Title: DSA-1939-1 libvorbis -- several
Description: Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could cause a denial of service or possibly execute arbitrary code via a crafted .ogg file. For the oldstable distribution, these problems have been fixed in version 1.1.2.dfsg-1.4+etch1. For the stable distribution, these problems have been fixed in version 1.2.0.dfsg-3.1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.2.3-1. We recommend that you upgrade your libvorbis packages.
Family: unix Class: patch
Reference(s): DSA-1939-1
CVE-2009-2663
CVE-2009-3379
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libvorbis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12913
 
Oval ID: oval:org.mitre.oval:def:12913
Title: DSA-1998-1 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4. For the unstable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-3. We recommend that you upgrade your kdelibs packages.
Family: unix Class: patch
Reference(s): DSA-1998-1
CVE-2009-0689
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13121
 
Oval ID: oval:org.mitre.oval:def:13121
Title: USN-853-1 -- firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities
Description: Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. A flaw was discovered in the way Firefox processed Proxy Auto-configuration files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A heap-based buffer overflow was discovered in Mozilla's GIF image parser. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the JavaScript engine of Firefox. An attacker could exploit this to execute scripts from page content with chrome privileges. Gregory Fleischer discovered that the same-origin check in Firefox could be bypassed by utilizing the document.getSelection function. An attacker could exploit this to read data from other domains. 
Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display filenames containing right-to-left override characters. If a user were tricked into downloading a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. Several flaws were discovered in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, Kevin Brosnan, David Anderson and Jeff Walden discovered various flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-853-1
CVE-2009-1563
CVE-2009-3274
CVE-2009-3370
CVE-2009-3371
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3377
CVE-2009-3380
CVE-2009-3381
CVE-2009-3382
CVE-2009-3383
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): firefox-3.0
firefox-3.5
xulrunner-1.9
xulrunner-1.9.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13156
 
Oval ID: oval:org.mitre.oval:def:13156
Title: DSA-1922-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection function. CVE-2009-3374 "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. CVE-2009-3373 "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. CVE-2009-3372 Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. CVE-2009-3274 Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. CVE-2009-3370 Paul Stone discovered that history information from web forms could be stolen. For the stable distribution, these problems have been fixed in version 1.9.0.15-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.1.4-1. 
We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-1922-1
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13490
 
Oval ID: oval:org.mitre.oval:def:13490
Title: USN-871-1 -- kdelibs vulnerability
Description: A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.
Family: unix Class: patch
Reference(s): USN-871-1
CVE-2009-0689
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13742
 
Oval ID: oval:org.mitre.oval:def:13742
Title: USN-853-2 -- firefox-3.5, xulrunner-1.9.1 regression
Description: USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. A flaw was discovered in the way Firefox processed Proxy Auto-configuration files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A heap-based buffer overflow was discovered in Mozilla's GIF image parser. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the JavaScript engine of Firefox. 
An attacker could exploit this to execute scripts from page content with chrome privileges. Gregory Fleischer discovered that the same-origin check in Firefox could be bypassed by utilizing the document.getSelection function. An attacker could exploit this to read data from other domains. Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display filenames containing right-to-left override characters. If a user were tricked into downloading a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. Several flaws were discovered in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, Kevin Brosnan, David Anderson and Jeff Walden discovered various flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-853-2
CVE-2009-1563
CVE-2009-3274
CVE-2009-3370
CVE-2009-3371
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3377
CVE-2009-3380
CVE-2009-3381
CVE-2009-3382
CVE-2009-3383
Version: 5
Platform(s): Ubuntu 9.10
Product(s): firefox-3.5
xulrunner-1.9.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13944
 
Oval ID: oval:org.mitre.oval:def:13944
Title: USN-861-1 -- libvorbis vulnerabilities
Description: It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service. It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges
Family: unix Class: patch
Reference(s): USN-861-1
CVE-2008-2009
CVE-2009-3379
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): libvorbis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22503
 
Oval ID: oval:org.mitre.oval:def:22503
Title: ELSA-2009:1561: libvorbis security update (Important)
Description: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Family: unix Class: patch
Reference(s): ELSA-2009:1561-01
CVE-2009-3379
Version: 6
Platform(s): Oracle Linux 5
Product(s): libvorbis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22669
 
Oval ID: oval:org.mitre.oval:def:22669
Title: ELSA-2009:1601: kdelibs security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2009:1601-01
CVE-2009-0689
Version: 6
Platform(s): Oracle Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23947
 
Oval ID: oval:org.mitre.oval:def:23947
Title: ELSA-2014:0311: php security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2014:0311-00
CVE-2006-7243
CVE-2009-0689
Version: 7
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24079
 
Oval ID: oval:org.mitre.oval:def:24079
Title: RHSA-2014:0311: php security update (Critical)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0311-00
CESA-2014:0311
CVE-2006-7243
CVE-2009-0689
Version: 11
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25660
 
Oval ID: oval:org.mitre.oval:def:25660
Title: SUSE-SU-2013:1828-1 -- Security update for ruby
Description: The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1828-1
CVE-2013-4164
CVE-2009-0689
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29170
 
Oval ID: oval:org.mitre.oval:def:29170
Title: RHSA-2009:1561 -- libvorbis security update (Important)
Description: Updated libvorbis packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and-royalty-free, general-purpose compressed audio format.
Family: unix Class: patch
Reference(s): RHSA-2009:1561
CESA-2009:1561-CentOS 3
CESA-2009:1561-CentOS 5
CVE-2009-3379
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): libvorbis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29365
 
Oval ID: oval:org.mitre.oval:def:29365
Title: RHSA-2009:1601 -- kdelibs security update (Critical)
Description: Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689)
Family: unix Class: patch
Reference(s): RHSA-2009:1601
CESA-2009:1601-CentOS 5
CVE-2009-0689
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5581
 
Oval ID: oval:org.mitre.oval:def:5581
Title: Mozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cpp
Description: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3382
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5935
 
Oval ID: oval:org.mitre.oval:def:5935
Title: Remote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection function
Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3375
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5996
 
Oval ID: oval:org.mitre.oval:def:5996
Title: Multiple vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3383
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6347
 
Oval ID: oval:org.mitre.oval:def:6347
Title: Arbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3372
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6375
 
Oval ID: oval:org.mitre.oval:def:6375
Title: vulnerabilities in liboggz, as used in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service
Description: Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3377
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6443
 
Oval ID: oval:org.mitre.oval:def:6443
Title: The oggplay_data_handle_theora_frame in liboggplay in Mozilla Firefox 3.5.x before 3.5.4 to cause denial of service
Description: The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3378
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6455
 
Oval ID: oval:org.mitre.oval:def:6455
Title: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events
Description: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3370
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6464
 
Oval ID: oval:org.mitre.oval:def:6464
Title: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service
Description: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3371
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6495
 
Oval ID: oval:org.mitre.oval:def:6495
Title: Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3381
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6528
 
Oval ID: oval:org.mitre.oval:def:6528
Title: Mozilla Firefox Floating Point Memory Allocation Vulnerability
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0689
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6541
 
Oval ID: oval:org.mitre.oval:def:6541
Title: Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3376
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6548
 
Oval ID: oval:org.mitre.oval:def:6548
Title: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors.
Description: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3373
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6565
 
Oval ID: oval:org.mitre.oval:def:6565
Title: Vulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4
Description: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3374
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6580
 
Oval ID: oval:org.mitre.oval:def:6580
Title: Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of service
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3380
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6582
 
Oval ID: oval:org.mitre.oval:def:6582
Title: Vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service
Description: Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3379
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6826
 
Oval ID: oval:org.mitre.oval:def:6826
Title: DSA-1998 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1998
CVE-2009-0689
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7349
 
Oval ID: oval:org.mitre.oval:def:7349
Title: DSA-1939 libvorbis -- several vulnerabilities
Description: Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacker could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Family: unix Class: patch
Reference(s): DSA-1939
CVE-2009-2663
CVE-2009-3379
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libvorbis
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7945
 
Oval ID: oval:org.mitre.oval:def:7945
Title: DSA-1922 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered a spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen.
Family: unix Class: patch
Reference(s): DSA-1922
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8888
 
Oval ID: oval:org.mitre.oval:def:8888
Title: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9463
 
Oval ID: oval:org.mitre.oval:def:9463
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3380
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9541
 
Oval ID: oval:org.mitre.oval:def:9541
Title: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0689
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9641
 
Oval ID: oval:org.mitre.oval:def:9641
Title: Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.
Description: Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3274
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9789
 
Oval ID: oval:org.mitre.oval:def:9789
Title: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Description: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3374
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 45
Application 44
Os 10
Os 1
Os 1

ExploitDB Exploits

id Description
2013-08-19 Mozilla Firefox 3.5.4 - Local Color Map Exploit
2009-12-11 Sunbird 0.9 Array Overrun (code execution) 0day
2009-11-19 Opera 10.01 Remote Array Overrun
2009-11-19 K-Meleon 1.5.3 Remote Array Overrun
2009-11-19 SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19 KDE KDELibs 4.3.3 Remote Array Overrun

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kdelibs CESA-2009:1601 centos5 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kdelibs CESA-2009:1601 centos4 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libvorbis CESA-2009:1561 centos5 i386
File : nvt/gb_CESA-2009_1561_libvorbis_centos5_i386.nasl
2011-08-09 Name : CentOS Update for libvorbis CESA-2009:1561 centos4 i386
File : nvt/gb_CESA-2009_1561_libvorbis_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libvorbis CESA-2009:1561 centos3 i386
File : nvt/gb_CESA-2009_1561_libvorbis_centos3_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1530 centos4 i386
File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl
2010-06-11 Name : Fedora Update for libfishsound FEDORA-2010-9774
File : nvt/gb_fedora_2010_9774_libfishsound_fc13.nasl
2010-06-11 Name : Fedora Update for libannodex FEDORA-2010-9774
File : nvt/gb_fedora_2010_9774_libannodex_fc13.nasl
2010-06-11 Name : Fedora Update for liboggz FEDORA-2010-9774
File : nvt/gb_fedora_2010_9774_liboggz_fc13.nasl
2010-06-11 Name : Fedora Update for mod_annodex FEDORA-2010-9774
File : nvt/gb_fedora_2010_9774_mod_annodex_fc13.nasl
2010-06-11 Name : Fedora Update for sonic-visualiser FEDORA-2010-9774
File : nvt/gb_fedora_2010_9774_sonic-visualiser_fc13.nasl
2010-06-07 Name : Fedora Update for liboggz FEDORA-2010-9253
File : nvt/gb_fedora_2010_9253_liboggz_fc12.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-29 Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-03-30 Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22 Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2010-03-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-03-22 Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-02-25 Name : Debian Security Advisory DSA 1998-1 (kdelibs)
File : nvt/deb_1998_1.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_028.nasl
2009-12-14 Name : SLES11: Security update for kdelibs3
File : nvt/sles11_kdelibs3.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
File : nvt/mdksa_2009_330.nasl
2009-12-10 Name : FreeBSD Ports: opera
File : nvt/freebsd_opera19.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox)
File : nvt/mdksa_2009_290_1.nasl
2009-12-03 Name : Ubuntu USN-861-1 (libvorbis)
File : nvt/ubuntu_861_1.nasl
2009-12-03 Name : RedHat Security Advisory RHSA-2009:1601
File : nvt/RHSA_2009_1601.nasl
2009-12-03 Name : FreeBSD Ports: libvorbis
File : nvt/freebsd_libvorbis1.nasl
2009-12-03 Name : Debian Security Advisory DSA 1939-1 (libvorbis)
File : nvt/deb_1939_1.nasl
2009-11-23 Name : Ubuntu USN-853-1 (xulrunner-1.9.1)
File : nvt/ubuntu_853_1.nasl
2009-11-17 Name : Fedora Core 11 FEDORA-2009-11243 (libvorbis)
File : nvt/fcore_2009_11243.nasl
2009-11-17 Name : Fedora Core 10 FEDORA-2009-11169 (libvorbis)
File : nvt/fcore_2009_11169.nasl
2009-11-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox7.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1530 (firefox)
File : nvt/ovcesa2009_1530.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1531 (seamonkey)
File : nvt/ovcesa2009_1531.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1561 (libvorbis)
File : nvt/ovcesa2009_1561.nasl
2009-11-11 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_MozillaFirefox7.nasl
2009-11-11 Name : SLES10: Security update for mozilla-nspr
File : nvt/sles10_mozilla-nspr0.nasl
2009-11-11 Name : SLES10: Security update for Mozilla XULRunner
File : nvt/sles10_mozilla-xulrunn0.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:290 (firefox)
File : nvt/mdksa_2009_290.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1531
File : nvt/RHSA_2009_1531.nasl
2009-11-11 Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-nspr.nasl
2009-11-11 Name : SLES11: Security update for Mozilla XULRunner
File : nvt/sles11_mozilla-xulrunn1.nasl
2009-11-11 Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)
File : nvt/suse_sa_2009_052.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1530
File : nvt/RHSA_2009_1530.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1561
File : nvt/RHSA_2009_1561.nasl
2009-11-11 Name : Debian Security Advisory DSA 1922-1 (xulrunner)
File : nvt/deb_1922_1.nasl
2009-11-11 Name : Debian Security Advisory DSA 1931-1 (nspr)
File : nvt/deb_1931_1.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10878 (chmsee)
File : nvt/fcore_2009_10878.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10981 (blam)
File : nvt/fcore_2009_10981.nasl
2009-11-11 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox42.nasl
2009-11-04 Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_nov09_win.nasl
2009-11-04 Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_nov09_lin.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_firefox_mult_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl
2009-11-02 Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win)
File : nvt/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux)
File : nvt/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl
2009-11-02 Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win)
File : nvt/gb_firefox_dos_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)
File : nvt/gb_firefox_dos_vuln_nov09_lin.nasl
2009-09-23 Name : Insecure Saving Of Downloadable File In Mozilla Firefox (Linux)
File : nvt/secpod_firefox_insecure_saving_download_file.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63646 J Programming Language libc dtoa Implementation Floating Point Parsing Memory...

63641 Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption

63639 Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption

62402 K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption

61189 Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup...

61188 Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption

61187 KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption

61186 Opera libc dtoa Implementation Floating Point Parsing Memory Corruption

61091 Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...

59395 Mozilla Firefox Recursive JavaScript Web-workers Memory Corruption

59394 Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Express...

59393 Mozilla Multiple Browsers GIF Color Map Parser Overflow

59392 Mozilla Firefox XPCOM XPCVariant::VariantDataToJS Utility Chrome Privileged J...

59391 Mozilla Firefox Key Event Javascript Methods Form History Remote Disclosure

59390 Mozilla Firefox document.getSelection Function Cross-origin Data Disclosure

59389 Mozilla Multiple Browsers Filename Right-to-left (RTL) Override Character Dow...

59388 Mozilla Firefox liboggplay oggplay_data_handle_theora_frame Function NULL Der...

59386 Mozilla Firefox libvorbis Multiple Unspecified Code Execution Issues

59385 liboggz Unspecified Memory Corruption

59384 Mozilla Firefox Browser Engine nsCachedStyleData::GetStyleDisplay Function Me...

59383 Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption

59382 Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3...

59381 Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3...

57844 Mozilla Firefox on Linux Temporary File Download Manipulation Weakness

55603 libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow

Snort® IPS/IDS

Date Description
2017-12-21 Mozilla Firefox browser engine memory corruption attempt
RuleID : 44978 - Revision : 2 - Type : BROWSER-FIREFOX
2014-03-06 Mozilla Firefox browser engine memory corruption attempt
RuleID : 29579 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products floating point buffer overflow attempt
RuleID : 21155 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products floating point buffer overflow attempt
RuleID : 21154 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox JS Web Worker arbitrary code execution attempt
RuleID : 18332 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox browser engine memory corruption attempt
RuleID : 16347 - Revision : 5 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2018-11-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-1564.nasl - Type : ACT_GATHER_INFO
2016-12-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2958-1.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6dec4e6d5f.nasl - Type : ACT_GATHER_INFO
2016-01-28 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0257-1.nasl - Type : ACT_GATHER_INFO
2016-01-04 Name : The remote Debian host is missing a security update.
File : debian_DLA-376.nasl - Type : ACT_GATHER_INFO
2016-01-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4b3a7e70afce11e5b86414dae9d210b8.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0312.nasl - Type : ACT_GATHER_INFO
2014-03-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140318_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2013-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-131125.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1561.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1561.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091109_libvorbis_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091124_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6692.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-9253.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-9774.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1922.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1939.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1998.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs4-100107.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12563.nasl - Type : ACT_GATHER_INFO
2009-12-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-871-1.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kdelibs3-091204.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6691.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_6431c4dbdeb411de90780030843d3802.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_94edff42d93d11dea4340211d880e350.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote host contains a web browser that is affected by multiple issues.
File : opera_1010.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2009-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-861-1.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11169.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2009-11243.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1561.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO
2009-11-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_20.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote host contains a web browser that is affected by a buffer overflow ...
File : google_chrome_3_0_195_24.nasl - Type : ACT_GATHER_INFO