Executive Summary
Summary | |
---|---|
Title | Mozilla Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA08-319A | First vendor Publication | 2008-11-14 |
Vendor | US-CERT | Last vendor Modification | 2008-11-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system. I. Description The Mozilla and the SeaMonkey projects have released new versions of Firefox, Thunderbird and SeaMonkey to address several vulnerabilities. Further details about these vulnerabilities are available in Mozilla Foundation Security Advisories. An attacker could exploit these vulnerabilities by convincing a user to view a specially crafted HTML document, such as a web page or an HTML email message. II. Impact While the impacts of the individual vulnerabilities vary, the most severe could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service or execute cross-site scripting attacks. III. Solution Upgrade These vulnerabilities are addressed in Mozilla Firefox 3.0.4, Firefox 2.0.0.18, Thunderbird 2.0.0.18, and SeaMonkey 1.1.13. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-319A.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-26 | Leveraging Race Conditions |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
CAPEC-172 | Time and State Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
27 % | CWE-399 | Resource Management Errors |
13 % | CWE-20 | Improper Input Validation |
7 % | CWE-362 | Race Condition |
7 % | CWE-287 | Improper Authentication |
7 % | CWE-264 | Permissions, Privileges, and Access Controls |
7 % | CWE-200 | Information Exposure |
7 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
7 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
7 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
7 % | CWE-91 | XML Injection (aka Blind XPath Injection) |
7 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10750 | |||
Oval ID: | oval:org.mitre.oval:def:10750 | ||
Title: | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | ||
Description: | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5012 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11063 | |||
Oval ID: | oval:org.mitre.oval:def:11063 | ||
Title: | Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | ||
Description: | Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5015 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17616 | |||
Oval ID: | oval:org.mitre.oval:def:17616 | ||
Title: | USN-667-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities | ||
Description: | Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-667-1 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | firefox firefox-3.0 xulrunner-1.9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17848 | |||
Oval ID: | oval:org.mitre.oval:def:17848 | ||
Title: | USN-668-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
Description: | Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-668-1 CVE-2008-5012 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | mozilla-thunderbird thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19874 | |||
Oval ID: | oval:org.mitre.oval:def:19874 | ||
Title: | DSA-1669-1 xulrunner - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1669-1 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20161 | |||
Oval ID: | oval:org.mitre.oval:def:20161 | ||
Title: | DSA-1671-1 iceweasel - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1671-1 CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22044 | |||
Oval ID: | oval:org.mitre.oval:def:22044 | ||
Title: | ELSA-2008:0976: thunderbird security update (Moderate) | ||
Description: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0976-01 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5012 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29116 | |||
Oval ID: | oval:org.mitre.oval:def:29116 | ||
Title: | RHSA-2008:0976 -- thunderbird security update (Moderate) | ||
Description: | Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0976 CESA-2008:0976-CentOS 5 CVE-2008-5012 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29237 | |||
Oval ID: | oval:org.mitre.oval:def:29237 | ||
Title: | RHSA-2008:0978 -- firefox security update (Critical) | ||
Description: | All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0978 CESA-2008:0978-CentOS 5 CVE-2008-0017 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox nss devhelp xulrunner yelp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7740 | |||
Oval ID: | oval:org.mitre.oval:def:7740 | ||
Title: | DSA-1669 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1669 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8140 | |||
Oval ID: | oval:org.mitre.oval:def:8140 | ||
Title: | DSA-1671 iceweasel -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1671 CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9449 | |||
Oval ID: | oval:org.mitre.oval:def:9449 | ||
Title: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
Description: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5052 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9660 | |||
Oval ID: | oval:org.mitre.oval:def:9660 | ||
Title: | Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||
Description: | Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5013 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for gecko-sdk and mozilla-xulrunner File : nvt/sles10_gecko-sdk0.nasl |
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox6.nasl |
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox0.nasl |
2009-06-03 | Name : Solaris Update for Mozilla 1.7 125539-06 File : nvt/gb_solaris_125539_06.nasl |
2009-06-03 | Name : Solaris Update for Mozilla Firefox Web browser 125540-06 File : nvt/gb_solaris_125540_06.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:235 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_235.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_228.nasl |
2009-04-09 | Name : Mandriva Update for firefox MDVSA-2008:230 (firefox) File : nvt/gb_mandriva_MDVSA_2008_230.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-668-1 File : nvt/gb_ubuntu_USN_668_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1 File : nvt/gb_ubuntu_USN_667_1.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0976-01 File : nvt/gb_RHSA-2008_0976-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0977-01 File : nvt/gb_RHSA-2008_0977-01_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0978-01 File : nvt/gb_RHSA-2008_0978-01_firefox.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos3 x86_64 File : nvt/gb_CESA-2008_0977_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0976 centos4 i386 File : nvt/gb_CESA-2008_0976_thunderbird_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos3 i386 File : nvt/gb_CESA-2008_0977_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0976 centos4 x86_64 File : nvt/gb_CESA-2008_0976_thunderbird_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977-01 centos2 i386 File : nvt/gb_CESA-2008_0977-01_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0978 centos4 x86_64 File : nvt/gb_CESA-2008_0978_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0978 centos4 i386 File : nvt/gb_CESA-2008_0978_firefox_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos4 x86_64 File : nvt/gb_CESA-2008_0977_seamonkey_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos4 i386 File : nvt/gb_CESA-2008_0977_seamonkey_centos4_i386.nasl |
2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_evolution-rss_fc9.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_firefox_fc9.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_galeon_fc9.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gnome-python2-extras_fc9.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gnome-web-photo_fc9.nasl |
2009-02-17 | Name : Fedora Update for google-gadgets FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_google-gadgets_fc9.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gtkmozembedmm_fc9.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_kazehakase_fc9.nasl |
2009-02-17 | Name : Fedora Update for mozvoikko FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_mozvoikko_fc9.nasl |
2009-02-17 | Name : Fedora Update for mugshot FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_mugshot_fc9.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_ruby-gnome2_fc9.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_seamonkey_fc9.nasl |
2009-02-17 | Name : Fedora Update for totem FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_totem_fc9.nasl |
2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_xulrunner_fc9.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_yelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9807 File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9859 File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9901 File : nvt/gb_fedora_2008_9901_thunderbird_fc10.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_devhelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_cairo-dock_fc8.nasl |
2009-02-17 | Name : Fedora Update for blam FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_blam_fc8.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_Miro_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_evolution-rss_fc8.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_openvrml_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_seamonkey_fc8.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_Miro_fc9.nasl |
2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_cairo-dock_fc9.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_chmsee_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_epiphany_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_epiphany-extensions_fc9.nasl |
2009-01-23 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2008:055 File : nvt/gb_suse_2008_055.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1696-1 (icedove) File : nvt/deb_1696_1.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1697-1 (iceape) File : nvt/deb_1697_1.nasl |
2008-12-03 | Name : Debian Security Advisory DSA 1671-1 (iceweasel) File : nvt/deb_1671_1.nasl |
2008-11-24 | Name : Debian Security Advisory DSA 1669-1 (xulrunner) File : nvt/deb_1669_1.nasl |
2008-11-21 | Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Win) File : nvt/gb_seamonkey_mult_vuln_nov08_win.nasl |
2008-11-21 | Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_seamonkey_mult_vuln_nov08_lin.nasl |
2008-11-21 | Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_thunderbird_mult_vuln_nov08_lin.nasl |
2008-11-21 | Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Win) File : nvt/gb_thunderbird_mult_vuln_nov08_win.nasl |
2008-11-21 | Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Win) File : nvt/gb_firefox_mult_vuln_nov08_win.nasl |
2008-11-21 | Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_firefox_mult_vuln_nov08_lin.nasl |
2008-11-19 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox35.nasl |
2008-10-17 | Name : Firefox .url Shortcut File Information Disclosure Vulnerability File : nvt/gb_firefox_url_file_info_dis_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50285 | Mozilla Multiple Product JavaScript Engine AppendAttributeValue Function Remo... |
50210 | Mozilla Multiple Products Layout Engine Multiple Function DoS |
50182 | Mozilla Multiple Products Codebase Principals Protection Mechanism Bypass Sig... |
50181 | Mozilla Multiple Products nsXMLHttpRequest::NotifyEventListeners Method Same-... |
50179 | Mozilla Multiple Products nsFrameManager File Input Element Modification Blur... |
50178 | Mozilla Multiple Products Session Restore Feature Same-origin Policy Bypass C... |
50177 | Mozilla Multiple Products JavaScript Engine Date Class Unspecified Remote DoS |
50176 | Mozilla Multiple Products Browser Engine xpcom/io/nsEscape.cpp Unspecified Ov... |
50142 | Mozilla Firefox file: URI Chrome Privileges Same Tab Access Local System Save... |
50141 | Mozilla Multiple Products jslock.cpp OBJ_IS_NATIVE Function Non-Native Object... |
50140 | Mozilla Multiple Products Flash Module SWF File Dynamic Unloading Arbitrary R... |
50139 | Mozilla Multiple Products Canvas Element Handling Same-policy Origin Bypass |
49995 | Mozilla Multiple Products EX4 Document Handling Remote XML Injection |
49925 | Mozilla Multiple Products http-index-format MIME Type Parser Crafted Index Re... |
49073 | Mozilla Multiple Products HTML Element .url Shortcut File Arbitrary Cache Dis... |
Snort® IPS/IDS
Date | Description |
---|---|
2016-10-25 | Mozilla Firefox file type memory corruption attempt RuleID : 40280 - Revision : 1 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox file type memory corruption attempt RuleID : 17603 - Revision : 10 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox file type memory corruption attempt RuleID : 17601 - Revision : 15 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081112_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081112_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20081119_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5826.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5813.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-081124.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-081124.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner181-081122.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-081122.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-667-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-668-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-235.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-230.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-228.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9901.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO |
2008-11-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5811.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5815.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5820.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1671.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5825.nasl - Type : ACT_GATHER_INFO |
2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5812.nasl - Type : ACT_GATHER_INFO |
2008-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO |
2008-11-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5786.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
2008-11-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20018.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9667.nasl - Type : ACT_GATHER_INFO |
2008-11-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9669.nasl - Type : ACT_GATHER_INFO |
2008-11-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f29fea8fb19f11dda55e00163e000016.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20018.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1113.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
2008-11-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_304.nasl - Type : ACT_GATHER_INFO |
2008-09-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO |