Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Firefox vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-2185-1 | First vendor Publication | 2014-04-29 |
| Vendor | Ubuntu | Last vendor Modification | 2014-04-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description: - firefox: Mozilla Open Source web browser Details: Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1518, CVE-2014-1519) An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1522) Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1523) Abhishek Arya discovered a buffer overflow when a script uses a non-XBL object as an XBL object. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1524) Abhishek Arya discovered a use-after-free in the Text Track Manager when processing HTML video. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1525) Jukka Jylänki discovered an out-of-bounds write in Cairo when working with canvas in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1528) Mariusz Mlynski discovered that sites with notification permissions can run script in a privileged context in some circumstances. An attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1529) It was discovered that browser history navigations could be used to load a site with the addressbar displaying the wrong address. An attacker could potentially exploit this to conduct cross-site scripting or phishing attacks. (CVE-2014-1530) A use-after-free was discovered when resizing images in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1531) Christian Heimes discovered that NSS did not handle IDNA domain prefixes correctly for wildcard certificates. An attacker could potentially exploit this by using a specially crafted certificate to conduct a man-in-the-middle attack. (CVE-2014-1492) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during host resolution in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1532) Boris Zbarsky discovered that the debugger bypassed XrayWrappers for some objects. If a user were tricked in to opening a specially crafted website whilst using the debugger, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1526) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: Ubuntu 13.10: Ubuntu 12.10: Ubuntu 12.04 LTS: After a standard system update you need to restart Firefox to make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-2185-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 25 % | CWE-416 | Use After Free |
| 17 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 17 % | CWE-269 | Improper Privilege Management |
| 8 % | CWE-125 | Out-of-bounds Read |
| 8 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
| 8 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 8 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:24002 | |||
| Oval ID: | oval:org.mitre.oval:def:24002 | ||
| Title: | Buffer overflow when using non-XBL object as XBL | ||
| Description: | The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1524 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24009 | |||
| Oval ID: | oval:org.mitre.oval:def:24009 | ||
| Title: | Memory safety bugs fixed in Firefox ESR 24.5 and Firefox 29.0 | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1518 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24042 | |||
| Oval ID: | oval:org.mitre.oval:def:24042 | ||
| Title: | DEPRECATED: ELSA-2014:0448: firefox security update (Critical) | ||
| Description: | Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Firefox decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox to crash. (CVE-2014-1523) A flaw was found in the way Firefox handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse Schwartzentrube as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains Firefox version 24.5.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0448-00 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24175 | |||
| Oval ID: | oval:org.mitre.oval:def:24175 | ||
| Title: | DEPRECATED: ELSA-2014:0449: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523) A flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse Schwartzentrube as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.5.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.5.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0449-00 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24208 | |||
| Oval ID: | oval:org.mitre.oval:def:24208 | ||
| Title: | Use-after-free in the Text Track Manager for HTML video | ||
| Description: | The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1525 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24286 | |||
| Oval ID: | oval:org.mitre.oval:def:24286 | ||
| Title: | Privilege escalation through Web Notification API | ||
| Description: | The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1529 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24349 | |||
| Oval ID: | oval:org.mitre.oval:def:24349 | ||
| Title: | ELSA-2014:0448: firefox security update (Critical) | ||
| Description: | Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Firefox decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox to crash. (CVE-2014-1523) A flaw was found in the way Firefox handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse Schwartzentrube as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains Firefox version 24.5.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0448-00 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24352 | |||
| Oval ID: | oval:org.mitre.oval:def:24352 | ||
| Title: | Use-after-free in nsHostResolver | ||
| Description: | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1532 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24428 | |||
| Oval ID: | oval:org.mitre.oval:def:24428 | ||
| Title: | Web Audio memory corruption issues | ||
| Description: | The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1522 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24484 | |||
| Oval ID: | oval:org.mitre.oval:def:24484 | ||
| Title: | USN-2159-1 -- nss vulnerability | ||
| Description: | NSS could be made to expose sensitive information over the network. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2159-1 CVE-2014-1492 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24507 | |||
| Oval ID: | oval:org.mitre.oval:def:24507 | ||
| Title: | Use-after-free in imgLoader while resizing images | ||
| Description: | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1531 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24541 | |||
| Oval ID: | oval:org.mitre.oval:def:24541 | ||
| Title: | Incorrect IDNA domain name matching for wildcard certificates | ||
| Description: | The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1492 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24581 | |||
| Oval ID: | oval:org.mitre.oval:def:24581 | ||
| Title: | USN-2189-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2189-1 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 4 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24639 | |||
| Oval ID: | oval:org.mitre.oval:def:24639 | ||
| Title: | Out-of-bounds write in Cairo | ||
| Description: | The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1528 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24667 | |||
| Oval ID: | oval:org.mitre.oval:def:24667 | ||
| Title: | Debugger can bypass XrayWrappers with JavaScript | ||
| Description: | The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1526 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24697 | |||
| Oval ID: | oval:org.mitre.oval:def:24697 | ||
| Title: | Out of bounds read while decoding JPG images | ||
| Description: | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1523 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24708 | |||
| Oval ID: | oval:org.mitre.oval:def:24708 | ||
| Title: | ELSA-2014:0449: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523) A flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse Schwartzentrube as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.5.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.5.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0449-00 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 5 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24710 | |||
| Oval ID: | oval:org.mitre.oval:def:24710 | ||
| Title: | Cross-site scripting (XSS) using history navigations | ||
| Description: | The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1530 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24716 | |||
| Oval ID: | oval:org.mitre.oval:def:24716 | ||
| Title: | Memory safety bugs fixed in Firefox 29.0 | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1519 | Version: | 11 |
| Platform(s): | Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24829 | |||
| Oval ID: | oval:org.mitre.oval:def:24829 | ||
| Title: | RHSA-2014:0449: thunderbird security update (Important) | ||
| Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Thunderbird resolved hosts in certain circumstances. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG images. Loading an email or a web page containing a specially crafted JPEG image could cause Thunderbird to crash. (CVE-2014-1523) A flaw was found in the way Thunderbird handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse Schwartzentrube as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. For technical details regarding these flaws, refer to the Mozilla security advisories for Thunderbird 24.5.0. You can find a link to the Mozilla advisories in the References section of this erratum. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 24.5.0, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0449-00 CESA-2014:0449 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24839 | |||
| Oval ID: | oval:org.mitre.oval:def:24839 | ||
| Title: | USN-2185-1 -- firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2185-1 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1492 CVE-2014-1532 CVE-2014-1526 | Version: | 4 |
| Platform(s): | Ubuntu 14.04 Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24845 | |||
| Oval ID: | oval:org.mitre.oval:def:24845 | ||
| Title: | RHSA-2014:0448: firefox security update (Critical) | ||
| Description: | Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531) A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1532) An out-of-bounds read flaw was found in the way Firefox decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox to crash. (CVE-2014-1523) A flaw was found in the way Firefox handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse Schwartzentrube as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to this updated package, which contains Firefox version 24.5.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0448-00 CESA-2014:0448 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25501 | |||
| Oval ID: | oval:org.mitre.oval:def:25501 | ||
| Title: | SUSE-SU-2014:0665-1 -- Security update for Mozilla Firefox | ||
| Description: | This Mozilla Firefox and Mozilla NSS update fixes several security and non-security issues. Mozilla Firefox has been updated to 24.5.0esr which fixes the following issues: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver Mozilla NSS has been updated to 3.16 * required for Firefox 29 * CVE-2014-1492_ In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Update of root certificates. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2014:0665-1 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1492 | Version: | 5 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26141 | |||
| Oval ID: | oval:org.mitre.oval:def:26141 | ||
| Title: | DSA-2994-1 -- nss - security update | ||
| Description: | Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2994-1 CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26168 | |||
| Oval ID: | oval:org.mitre.oval:def:26168 | ||
| Title: | RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low) | ||
| Description: | Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:1073-00 CESA-2014:1073 CVE-2014-1492 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27348 | |||
| Oval ID: | oval:org.mitre.oval:def:27348 | ||
| Title: | DEPRECATED: ELSA-2014-0449 -- thunderbird security update (important) | ||
| Description: | [24.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [24.5.0-1] - Update to 24.5.0 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0449 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27391 | |||
| Oval ID: | oval:org.mitre.oval:def:27391 | ||
| Title: | DEPRECATED: ELSA-2014-0448 -- firefox security update (critical) | ||
| Description: | [24.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Build with nspr-devel >= 4.10.0 to fix build failure [24.5.0-1] - Update to 24.5.0 ESR [24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5 [24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0448 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-05-01 | IAVM : 2014-A-0064 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0050011 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-05-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16716.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-533.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-532.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-531.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-530.nasl - Type : ACT_GATHER_INFO |
| 2015-05-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-529.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0727-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0665-2.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0665-1.nasl - Type : ACT_GATHER_INFO |
| 2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-23.nasl - Type : ACT_GATHER_INFO |
| 2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-059.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO |
| 2014-10-31 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-09-29 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1246.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1073.nasl - Type : ACT_GATHER_INFO |
| 2014-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2994.nasl - Type : ACT_GATHER_INFO |
| 2014-07-31 | Name : The remote host is running software with multiple vulnerabilities. File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140722_nss_and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0917.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : A web proxy server on the remote host is affected by multiple vulnerabilities. File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO |
| 2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-361.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-354.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-336.nasl - Type : ACT_GATHER_INFO |
| 2014-05-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-201404-140501.nasl - Type : ACT_GATHER_INFO |
| 2014-05-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2924.nasl - Type : ACT_GATHER_INFO |
| 2014-05-03 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-5829.nasl - Type : ACT_GATHER_INFO |
| 2014-05-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2918.nasl - Type : ACT_GATHER_INFO |
| 2014-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2014-5833.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0448.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-0448.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2014-0449.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2014-0449.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140429_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140429_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-05-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2189-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2185-1.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0449.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0448.nasl - Type : ACT_GATHER_INFO |
| 2014-04-30 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_985d4d6ccfbd11e3a003b4b52fce4ce8.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2_26.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_5.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_29.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_5_esr.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_5.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_29.nasl - Type : ACT_GATHER_INFO |
| 2014-04-29 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_5_esr.nasl - Type : ACT_GATHER_INFO |
| 2014-04-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2159-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-04.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-01-22 09:26:53 |
|
| 2014-05-01 13:28:37 |
|
| 2014-05-01 13:24:45 |
|
| 2014-04-30 17:22:21 |
|
| 2014-04-30 00:18:20 |
|
