Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox and xulrunner vulnerabilities
Informations
Name USN-645-1 First vendor Publication 2008-09-24
Vendor Ubuntu Last vendor Modification 2008-09-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04:
firefox 2.0.0.17+0nobinonly-0ubuntu0.7.4

Ubuntu 7.10:
firefox 2.0.0.17+1nobinonly-0ubuntu0.7.10

Ubuntu 8.04 LTS:
firefox-3.0 3.0.2+build6+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.2+build6+nobinonly-0ubuntu0.8.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

Details follow:

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016)

It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. (CVE-2008-3835)

Several problems were discovered in the JavaScript engine. This could allow an attacker to execute scripts from page content with chrome privileges. (CVE-2008-3836)

Paul Nickerson discovered Firefox did not properly process mouse click events. If a user were tricked into opening a malicious web page, an attacker could move the content window, which could potentially be used to force a user to perform unintended drag and drop operations. (CVE-2008-3837)

Several problems were discovered in the browser engine. This could allow an attacker to execute code with chrome privileges. (CVE-2008-4058, CVE-2008-4059, CVE-2008-4060)

Drew Yao, David Maciejak and other Mozilla developers found several problems in the browser engine of Firefox. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Dave Reed discovered a flaw in the JavaScript parsing code when processing certain BOM characters. An attacker could exploit this to bypass script filters and perform cross-site scripting attacks. (CVE-2008-4065)

Gareth Heyes discovered a flaw in the HTML parser of Firefox. If a user were tricked into opening a malicious web page, an attacker could bypass script filtering and perform cross-site scripting attacks. (CVE-2008-4066)

Boris Zbarsky and Georgi Guninski independently discovered flaws in the resource: protocol. An attacker could exploit this to perform directory traversal, read information about the system, and prompt the user to save information in a file. (CVE-2008-4067, CVE-2008-4068)

Billy Hoffman discovered a problem in the XBM decoder. If a user were tricked into opening a malicious web page or XBM file, an attacker may be able to cause a denial of service via application crash. (CVE-2008-4069)

Original Source

Url : http://www.ubuntu.com/usn/USN-645-1

CWE : Common Weakness Enumeration

% Id Name
36 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-399 Resource Management Errors
14 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
14 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
7 % CWE-200 Information Exposure
7 % CWE-189 Numeric Errors (CWE/SANS Top 25)
7 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10206
 
Oval ID: oval:org.mitre.oval:def:10206
Title: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4062
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10770
 
Oval ID: oval:org.mitre.oval:def:10770
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4067
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10794
 
Oval ID: oval:org.mitre.oval:def:10794
Title: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Description: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4061
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11000
 
Oval ID: oval:org.mitre.oval:def:11000
Title: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Description: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4069
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11151
 
Oval ID: oval:org.mitre.oval:def:11151
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4063
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11383
 
Oval ID: oval:org.mitre.oval:def:11383
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4065
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11471
 
Oval ID: oval:org.mitre.oval:def:11471
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4068
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11579
 
Oval ID: oval:org.mitre.oval:def:11579
Title: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Description: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0016
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11607
 
Oval ID: oval:org.mitre.oval:def:11607
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4060
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11743
 
Oval ID: oval:org.mitre.oval:def:11743
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4064
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17626
 
Oval ID: oval:org.mitre.oval:def:17626
Title: USN-645-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines.
Family: unix Class: patch
Reference(s): USN-645-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
 Version: 7
Platform(s): Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
 Product(s): firefox
firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17661
 
Oval ID: oval:org.mitre.oval:def:17661
Title: USN-645-3 -- firefox-3.0, xulrunner-1.9 regression
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner.
Family: unix Class: patch
Reference(s): USN-645-3
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
 Version: 7
Platform(s): Ubuntu 8.04
 Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17769
 
Oval ID: oval:org.mitre.oval:def:17769
Title: USN-645-2 -- firefox vulnerabilities
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS.
Family: unix Class: patch
Reference(s): USN-645-2
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
 Version: 7
Platform(s): Ubuntu 6.06
 Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19884
 
Oval ID: oval:org.mitre.oval:def:19884
Title: DSA-1649-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1649-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22483
 
Oval ID: oval:org.mitre.oval:def:22483
Title: ELSA-2008:0879: firefox security update (Critical)
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: patch
Reference(s): ELSA-2008:0879-01
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
 Version: 45
Platform(s): Oracle Linux 5
 Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29008
 
Oval ID: oval:org.mitre.oval:def:29008
Title: RHSA-2008:0879 -- firefox security update (Critical)
Description: All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:0879
CESA-2008:0879-CentOS 5
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
 Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7657
 
Oval ID: oval:org.mitre.oval:def:7657
Title: DSA-1649 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. moz_bug_r_a4 discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory.
Family: unix Class: patch
Reference(s): DSA-1649
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8880
 
Oval ID: oval:org.mitre.oval:def:8880
Title: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug."
Description: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4066
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9529
 
Oval ID: oval:org.mitre.oval:def:9529
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4059
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9643
 
Oval ID: oval:org.mitre.oval:def:9643
Title: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Description: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3835
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9679
 
Oval ID: oval:org.mitre.oval:def:9679
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4058
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9950
 
Oval ID: oval:org.mitre.oval:def:9950
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3837
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 149
Application 33
Application 81
Os 6
Os 1

SAINT Exploits

Description Link
Mozilla Firefox UTF-8 URL buffer overflow More info here

ExploitDB Exploits

id Description
2009-09-14 Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for Mozilla
File : nvt/sles10_gecko-sdk.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox4.nasl
2009-10-10 Name : SLES9: Security update for Epiphany and Mozilla
File : nvt/sles9p5036604.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125539-06
File : nvt/gb_solaris_125539_06.nasl
2009-06-03 Name : Solaris Update for Mozilla Firefox Web browser 125540-06
File : nvt/gb_solaris_125540_06.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:205 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_205.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_206.nasl
2009-03-23 Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1
File : nvt/gb_ubuntu_USN_645_1.nasl
2009-03-23 Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1
File : nvt/gb_ubuntu_USN_647_1.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3
File : nvt/gb_ubuntu_USN_645_3.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-645-2
File : nvt/gb_ubuntu_USN_645_2.nasl
2009-03-06 Name : RedHat Update for thunderbird RHSA-2008:0908-01
File : nvt/gb_RHSA-2008_0908-01_thunderbird.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0879-01
File : nvt/gb_RHSA-2008_0879-01_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0882-01
File : nvt/gb_RHSA-2008_0882-01_seamonkey.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386
File : nvt/gb_CESA-2008_0882-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 i386
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 i386
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_i386.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany-extensions_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany_fc9.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_evolution-rss_fc9.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_firefox_fc9.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_galeon_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-python2-extras_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-web-photo_fc9.nasl
2009-02-17 Name : Fedora Update for google-gadgets FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_google-gadgets_fc9.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gtkmozembedmm_fc9.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_kazehakase_fc9.nasl
2009-02-17 Name : Fedora Update for mozvoikko FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mozvoikko_fc9.nasl
2009-02-17 Name : Fedora Update for mugshot FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mugshot_fc9.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_ruby-gnome2_fc9.nasl
2009-02-17 Name : Fedora Update for totem FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_totem_fc9.nasl
2009-02-17 Name : Fedora Update for xulrunner FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_xulrunner_fc9.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_yelp_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8429
File : nvt/gb_fedora_2008_8429_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9807
File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9859
File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_Miro_fc9.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_chmsee_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_blam_fc8.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_cairo-dock_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_evolution-rss_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gtkmozembedmm_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_devhelp_fc9.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_cairo-dock_fc9.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_blam_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8401
File : nvt/gb_fedora_2008_8401_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-web-photo_fc8.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:...
File : nvt/gb_suse_2008_050.nasl
2009-01-13 Name : Debian Security Advisory DSA 1697-1 (iceape)
File : nvt/deb_1697_1.nasl
2009-01-13 Name : Debian Security Advisory DSA 1696-1 (icedove)
File : nvt/deb_1696_1.nasl
2008-11-24 Name : Debian Security Advisory DSA 1669-1 (xulrunner)
File : nvt/deb_1669_1.nasl
2008-11-01 Name : Debian Security Advisory DSA 1649-1 (iceweasel)
File : nvt/deb_1649_1.nasl
2008-09-24 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox34.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-270-01 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2008_270_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-02 seamonkey
File : nvt/esoft_slk_ssa_2008_269_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2008_269_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56782 Mozilla Firefox feedWriter Feed Preview Multiple Function Remote Script Execu...
48780 Mozilla Multiple Products URL Parsing Implementation Crafted UTF-8 URL Arbitr...
48779 Mozilla Multiple Products XBM Decoder Image File Handling Arbitrary Memory Di...
48773 Mozilla Multiple Product nsXMLDocument::OnChannelRedirect Function Same Origi...
48771 Mozilla Firefox HTML Escaped Low Surrogates XSS
48770 Mozilla Firefox XPConnect Component SCRIPT Element Privileged Code Execution
48769 Mozilla Multiple Products resource URI Traversal Access Restriction Bypass
48768 Mozilla Multiple Products window.moveBy Crafted onmousedown drag-and-drop Act...
48767 Mozilla Firefox nsSVGFilters.cpp nsSVGFEGaussianBlurElement::SetupPredivide F...
48766 Mozilla Firefox nsPNGDecoder.cpp info_callback Function Animated PNG Data Han...
48765 Mozilla Firefox cairo_surface_set_device_offset Function alert messagebox Han...
48764 Mozilla Firefox nsFrameList::SortByContentOrder Function Memory Corruption
48763 Mozilla Firefox indic IME Extension Memory Corruption
48762 Mozilla Firefox nsContentList::Item Function this Variable Memory Corruption
48761 Mozilla Multiple Products on Linux URL-encoded resource URI Traversal Arbitra...
48760 Mozilla Multiple Products Stripped BOM Character XSS
48759 Mozilla Multiple Products MathML Component rowspan Attribute Handling Memory ...
48751 Mozilla Multiple Products nsJSNPRuntime.cpp nsNPObjWrapper::GetNewOrUsed Func...
48750 Mozilla Multiple Products nsEscape.cpp nsEscapeCount Function Memory Corruption
48749 Mozilla Multiple Products jsxml.c Namespace / Qname Characteristic Handling M...
48748 Mozilla Multiple Products XSLT Arbitrary Script Execution
48747 Mozilla Multiple Products document.loadBindingDocument() Arbitrary Script Exe...
48746 Mozilla Multiple Products XPCNativeWrappers Pollution Arbitrary Code Execution

Snort® IPS/IDS

Date Description
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43749 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43748 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43673 - Revision : 3 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43672 - Revision : 3 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
RuleID : 17519 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Animated PNG Processing integer overflow attempt
RuleID : 17379 - Revision : 14 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Animated PNG Processing integer overflow attempt
RuleID : 17378 - Revision : 15 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox animated PNG processing integer overflow
RuleID : 15191 - Revision : 11 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-2.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20081001_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-081003.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081003.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-647-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-206.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-3.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-205.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO
2008-11-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO
2008-10-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1649.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5656.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gecko-sdk-5654.nasl - Type : ACT_GATHER_INFO
2008-10-07 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5657.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5655.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5640.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5644.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8425.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8401.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8399.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8429.nasl - Type : ACT_GATHER_INFO
2008-09-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-270-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-02.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20017.nasl - Type : ACT_GATHER_INFO
2008-09-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1112.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20017.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:05:18
  • Multiple Updates