Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Thunderbird vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-2053-1 | First vendor Publication | 2013-12-11 |
| Vendor | Ubuntu | Last vendor Modification | 2013-12-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5609) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5616) A use-after-free was discovered in the table editing interface. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5618) Tyson Smith and Jesse Schwartzentruber discovered a crash when inserting an ordered list in to a document using script. If a user had enabled scripting, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-6671) Sijie Xia discovered that trust settings for built-in EV root certificates were ignored under certain circumstances, removing the ability for a user to manually untrust certificates from specific authorities. (CVE-2013-6673) Tyson Smith, Jesse Schwartzentruber and Atte Kettunen discovered a use-after-free in functions for synthetic mouse movement handling. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5613) Eric Faust discovered that GetElementIC typed array stubs can be generated outside observed typesets. If a user had enabled scripting, an attacker could possibly exploit this to cause undefined behaviour with a potential security impact. (CVE-2013-5615) Michal Zalewski discovered several issues with JPEG image handling. An attacker could potentially exploit these to obtain sensitive information. (CVE-2013-6629, CVE-2013-6630) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: Ubuntu 13.04: Ubuntu 12.10: Ubuntu 12.04 LTS: After a standard system update you need to restart Thunderbird to make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-2053-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 43 % | CWE-416 | Use After Free |
| 14 % | CWE-310 | Cryptographic Issues |
| 14 % | CWE-200 | Information Exposure |
| 14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 14 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20678 | |||
| Oval ID: | oval:org.mitre.oval:def:20678 | ||
| Title: | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. | ||
| Description: | Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5616 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20749 | |||
| Oval ID: | oval:org.mitre.oval:def:20749 | ||
| Title: | RHSA-2013:1812: firefox security update (Critical) | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1812-01 CESA-2013:1812 CVE-2013-0772 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 117 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20780 | |||
| Oval ID: | oval:org.mitre.oval:def:20780 | ||
| Title: | USN-2052-1 -- firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2052-1 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2013-5613 CVE-2013-5615 CVE-2013-6629 CVE-2013-6630 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20800 | |||
| Oval ID: | oval:org.mitre.oval:def:20800 | ||
| Title: | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. | ||
| Description: | The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5615 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20881 | |||
| Oval ID: | oval:org.mitre.oval:def:20881 | ||
| Title: | USN-2053-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2053-1 CVE-2013-5609 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 CVE-2013-6673 CVE-2013-5613 CVE-2013-5615 CVE-2013-6629 CVE-2013-6630 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21015 | |||
| Oval ID: | oval:org.mitre.oval:def:21015 | ||
| Title: | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. | ||
| Description: | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5613 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21024 | |||
| Oval ID: | oval:org.mitre.oval:def:21024 | ||
| Title: | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | ||
| Description: | Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6673 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21061 | |||
| Oval ID: | oval:org.mitre.oval:def:21061 | ||
| Title: | USN-2060-1 -- libjpeg-turbo, libjpeg6b vulnerabilities | ||
| Description: | libjpeg and libjpeg-turbo could be made to expose sensitive information. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2060-1 CVE-2013-6629 CVE-2013-6630 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | libjpeg-turbo libjpeg6b |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21110 | |||
| Oval ID: | oval:org.mitre.oval:def:21110 | ||
| Title: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6671 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21122 | |||
| Oval ID: | oval:org.mitre.oval:def:21122 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-5609 | Version: | 14 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21129 | |||
| Oval ID: | oval:org.mitre.oval:def:21129 | ||
| Title: | RHSA-2013:1804: libjpeg security update (Moderate) | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1804-00 CESA-2013:1804 CVE-2013-6629 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21152 | |||
| Oval ID: | oval:org.mitre.oval:def:21152 | ||
| Title: | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Description: | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6630 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21193 | |||
| Oval ID: | oval:org.mitre.oval:def:21193 | ||
| Title: | RHSA-2013:1803: libjpeg-turbo security update (Moderate) | ||
| Description: | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1803-00 CESA-2013:1803 CVE-2013-6629 CVE-2013-6630 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | libjpeg-turbo |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21236 | |||
| Oval ID: | oval:org.mitre.oval:def:21236 | ||
| Title: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6629 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21283 | |||
| Oval ID: | oval:org.mitre.oval:def:21283 | ||
| Title: | RHSA-2013:1823: thunderbird security update (Important) | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1823-01 CESA-2013:1823 CVE-2013-0772 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 117 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23396 | |||
| Oval ID: | oval:org.mitre.oval:def:23396 | ||
| Title: | DEPRECATED: ELSA-2013:1812: firefox security update (Critical) | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1812-01 CVE-2013-0772 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 38 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23646 | |||
| Oval ID: | oval:org.mitre.oval:def:23646 | ||
| Title: | ELSA-2013:1804: libjpeg security update (Moderate) | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1804-00 CVE-2013-6629 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23916 | |||
| Oval ID: | oval:org.mitre.oval:def:23916 | ||
| Title: | ELSA-2013:1812: firefox security update (Critical) | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1812-01 CVE-2013-0772 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 37 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24036 | |||
| Oval ID: | oval:org.mitre.oval:def:24036 | ||
| Title: | ELSA-2013:1803: libjpeg-turbo security update (Moderate) | ||
| Description: | The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1803-00 CVE-2013-6629 CVE-2013-6630 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | libjpeg-turbo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24712 | |||
| Oval ID: | oval:org.mitre.oval:def:24712 | ||
| Title: | Vulnerability in Java SE 5.0u61, Java SE 6u71, Java SE 7u51, Java SE 8 allows successful unauthenticated network attacks via multiple protocols | ||
| Description: | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-6629 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26976 | |||
| Oval ID: | oval:org.mitre.oval:def:26976 | ||
| Title: | DEPRECATED: ELSA-2013-1804 -- libjpeg security update (moderate) | ||
| Description: | [6b-38] - Add patch for CVE-2013-6629 - Resolves: #1031952 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1804 CVE-2013-6629 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | libjpeg |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27154 | |||
| Oval ID: | oval:org.mitre.oval:def:27154 | ||
| Title: | DEPRECATED: ELSA-2013-1803 -- libjpeg-turbo security update (moderate) | ||
| Description: | [1.2.1-3] - Resolves: #1031955 apply patch for CVE-2013-6630 [1.2.1-2] - Resolves: #1031955 libjpeg-turbo: various flaws (CVE-2013-6629) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1803 CVE-2013-6629 CVE-2013-6630 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | libjpeg-turbo |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27223 | |||
| Oval ID: | oval:org.mitre.oval:def:27223 | ||
| Title: | DEPRECATED: ELSA-2013-1823 -- thunderbird security update (important) | ||
| Description: | [24.2.0-1.0.1.el6_5] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Make sure build with nspr-devel >= 4.10.0 [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-1] - Update to 24.1.0 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1823 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27366 | |||
| Oval ID: | oval:org.mitre.oval:def:27366 | ||
| Title: | DEPRECATED: ELSA-2013-1812 -- firefox security update (critical) | ||
| Description: | [24.2.0-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.2.0-1] - Update to 24.2.0 ESR [24.1.0-4] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite [24.1.0-3] - Fixed locale pickup (rhbz#1034541) [24.1.0-2] - Fixed package reinstall issue [24.1.0-1] - Update to 24.1.0 ESR [24.0-0.1] - Update to 24.0 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1812 CVE-2013-5609 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5616 CVE-2013-5618 CVE-2013-6671 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-03-13 | IAVM : 2014-B-0024 - Multiple Security Vulnerabilities in Apple iOS Severity : Category I - VMSKEY : V0046157 |
| 2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
| 2013-12-12 | IAVM : 2013-A-0233 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042596 |
| 2013-11-14 | IAVM : 2013-B-0124 - Multiple Vulnerabilities in Google Chrome Severity : Category I - VMSKEY : V0042301 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015550.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015549.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : smb_nt_ms17_apr_4015383.nasl - Type : ACT_GATHER_INFO |
| 2017-04-12 | Name : An application installed on the remote macOS or Mac OS X host is affected by ... File : macosx_ms17-04-4019460_mono.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : A web application framework running on the remote host is affected by an info... File : smb_nt_ms17_apr_4017094.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015583.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015221.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015219.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17_apr_4015217.nasl - Type : ACT_GATHER_INFO |
| 2017-04-11 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms17-apr_4015551.nasl - Type : ACT_GATHER_INFO |
| 2016-06-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201606-03.nasl - Type : ACT_GATHER_INFO |
| 2016-05-24 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL59503294.nasl - Type : ACT_GATHER_INFO |
| 2016-02-22 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL62655427.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0732-1.nasl - Type : ACT_GATHER_INFO |
| 2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-773.nasl - Type : ACT_GATHER_INFO |
| 2014-12-16 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-772.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0413.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_domino_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-23 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : ibm_notes_9_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-09-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO |
| 2014-07-28 | Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_apr2014_advisory.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-961.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1022.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1023.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-1024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-903.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-904.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-993.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-994.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-995.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-2.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-37.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6870.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6859.nasl - Type : ACT_GATHER_INFO |
| 2014-06-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO |
| 2014-06-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0509.nasl - Type : ACT_GATHER_INFO |
| 2014-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0508.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0486.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140508.nasl - Type : ACT_GATHER_INFO |
| 2014-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2923.nasl - Type : ACT_GATHER_INFO |
| 2014-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0412.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2014_unix.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-03-12 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_1.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes a certificate validat... File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO |
| 2014-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23722.nasl - Type : ACT_GATHER_INFO |
| 2014-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23291.nasl - Type : ACT_GATHER_INFO |
| 2013-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23749.nasl - Type : ACT_GATHER_INFO |
| 2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-267.nasl - Type : ACT_GATHER_INFO |
| 2013-12-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox24-201312-131215.nasl - Type : ACT_GATHER_INFO |
| 2013-12-20 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox24-201312-131216.nasl - Type : ACT_GATHER_INFO |
| 2013-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2060-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23519.nasl - Type : ACT_GATHER_INFO |
| 2013-12-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-350-02.nasl - Type : ACT_GATHER_INFO |
| 2013-12-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-23295.nasl - Type : ACT_GATHER_INFO |
| 2013-12-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dd116b1964b311e3868f0025905a4771.nasl - Type : ACT_GATHER_INFO |
| 2013-12-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131211_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23127.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131211_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2053-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2052-1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_26.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_turbo_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131210_libjpeg_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_223.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_2.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_26.nasl - Type : ACT_GATHER_INFO |
| 2013-12-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_2_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1804.nasl - Type : ACT_GATHER_INFO |
| 2013-12-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1803.nasl - Type : ACT_GATHER_INFO |
| 2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-273.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2799.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_31_0_1650_48.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3bfc70164bcc11e3b0cf00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:02:52 |
|
| 2013-12-13 00:22:17 |
|
| 2013-12-11 21:24:28 |
|
| 2013-12-11 17:18:04 |
|
