Executive Summary

Summary
Title Firefox and Xulrunner vulnerabilities
Informations
Name USN-728-1 First vendor Publication 2009-03-05
Vendor Ubuntu Last vendor Modification 2009-03-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
firefox-3.0 3.0.7+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.7+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
abrowser 3.0.7+nobinonly-0ubuntu0.8.10.1
firefox-3.0 3.0.7+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.7+nobinonly-0ubuntu0.8.10.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes.

Details follow:

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040)

Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774)

A flaw was discovered in Firefox's garbage collection process. Under certain circumstances a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0775)

Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776)

Masahiro Yamada discovered that Firefox did not display control characters in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0777)

Original Source

Url : http://www.ubuntu.com/usn/USN-728-1

CWE : Common Weakness Enumeration

% Id Name
71 % CWE-399 Resource Management Errors
14 % CWE-200 Information Exposure
14 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10316
 
Oval ID: oval:org.mitre.oval:def:10316
Title: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10491
 
Oval ID: oval:org.mitre.oval:def:10491
Title: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0773
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11138
 
Oval ID: oval:org.mitre.oval:def:11138
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0774
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11222
 
Oval ID: oval:org.mitre.oval:def:11222
Title: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0777
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11314
 
Oval ID: oval:org.mitre.oval:def:11314
Title: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0771
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13052
 
Oval ID: oval:org.mitre.oval:def:13052
Title: USN-730-1 -- libpng vulnerabilities
Description: It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. Harald van Dijk discovered an off-by-one error in libpng. An attacker could could cause an application crash in programs using pngtest. It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-730-1
CVE-2007-5268
CVE-2007-5269
CVE-2008-1382
CVE-2008-3964
CVE-2008-5907
CVE-2009-0040
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13613
 
Oval ID: oval:org.mitre.oval:def:13613
Title: DSA-1750-1 libpng -- several
Description: Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution, these problems have been fixed in version1.2.15~beta5-1+etch2. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution, these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages.
Family: unix Class: patch
Reference(s): DSA-1750-1
CVE-2007-2445
CVE-2007-5269
CVE-2008-1382
CVE-2008-5907
CVE-2008-6218
CVE-2009-0040
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13664
 
Oval ID: oval:org.mitre.oval:def:13664
Title: USN-741-1 -- mozilla-thunderbird, thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-741-1
CVE-2009-0352
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): mozilla-thunderbird
thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13790
 
Oval ID: oval:org.mitre.oval:def:13790
Title: USN-728-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in Firefox�s garbage collection process. Under certain circumstances a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. Masahiro Yamada discovered that Firefox did not display control characters in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack
Family: unix Class: patch
Reference(s): USN-728-1
CVE-2009-0040
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
CVE-2009-0777
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13848
 
Oval ID: oval:org.mitre.oval:def:13848
Title: USN-728-3 -- firefox vulnerabilities
Description: Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-728-3
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13894
 
Oval ID: oval:org.mitre.oval:def:13894
Title: USN-728-2 -- firefox vulnerabilities
Description: Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-728-2
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20238
 
Oval ID: oval:org.mitre.oval:def:20238
Title: DSA-1751-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
Family: unix Class: patch
Reference(s): DSA-1751-1
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22504
 
Oval ID: oval:org.mitre.oval:def:22504
Title: ELSA-2009:0315: firefox security update (Critical)
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: unix Class: patch
Reference(s): ELSA-2009:0315-01
CVE-2009-0040
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
CVE-2009-0777
Version: 37
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22744
 
Oval ID: oval:org.mitre.oval:def:22744
Title: ELSA-2009:0333: libpng security update (Moderate)
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: patch
Reference(s): ELSA-2009:0333-01
CVE-2008-1382
CVE-2009-0040
Version: 13
Platform(s): Oracle Linux 5
Product(s): libpng
libpng10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22778
 
Oval ID: oval:org.mitre.oval:def:22778
Title: ELSA-2009:0258: thunderbird security update (Moderate)
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: patch
Reference(s): ELSA-2009:0258-01
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 33
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29166
 
Oval ID: oval:org.mitre.oval:def:29166
Title: RHSA-2009:0258 -- thunderbird security update (Moderate)
Description: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)
Family: unix Class: patch
Reference(s): RHSA-2009:0258
CESA-2009:0258-CentOS 5
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29196
 
Oval ID: oval:org.mitre.oval:def:29196
Title: RHSA-2009:0333 -- libpng security update (Moderate)
Description: Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to freerandom memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040)
Family: unix Class: patch
Reference(s): RHSA-2009:0333
CESA-2009:0333-CentOS 2
CVE-2008-1382
CVE-2009-0040
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 2
Product(s): libpng
libpng10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29381
 
Oval ID: oval:org.mitre.oval:def:29381
Title: RHSA-2009:0315 -- firefox security update (Critical)
Description: An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775)
Family: unix Class: patch
Reference(s): RHSA-2009:0315
CESA-2009:0315-CentOS 5
CVE-2009-0040
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
CVE-2009-0777
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5250
 
Oval ID: oval:org.mitre.oval:def:5250
Title: Mozilla Seamonkey memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5703
 
Oval ID: oval:org.mitre.oval:def:5703
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5806
 
Oval ID: oval:org.mitre.oval:def:5806
Title: Mozilla Seamonkey remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5816
 
Oval ID: oval:org.mitre.oval:def:5816
Title: Mozilla Thunderbird remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5856
 
Oval ID: oval:org.mitre.oval:def:5856
Title: Mozilla Seamonkey Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5945
 
Oval ID: oval:org.mitre.oval:def:5945
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5947
 
Oval ID: oval:org.mitre.oval:def:5947
Title: Mozilla Firefox gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5956
 
Oval ID: oval:org.mitre.oval:def:5956
Title: Mozilla Firefox security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5980
 
Oval ID: oval:org.mitre.oval:def:5980
Title: Mozilla Thunderbird Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6017
 
Oval ID: oval:org.mitre.oval:def:6017
Title: Mozilla Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6039
 
Oval ID: oval:org.mitre.oval:def:6039
Title: Mozilla Thunderbird Phishing Vulnerability
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0777
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6057
 
Oval ID: oval:org.mitre.oval:def:6057
Title: Mozilla Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6097
 
Oval ID: oval:org.mitre.oval:def:6097
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6121
 
Oval ID: oval:org.mitre.oval:def:6121
Title: Mozilla Thunderbird gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6141
 
Oval ID: oval:org.mitre.oval:def:6141
Title: Mozilla Firefox Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6157
 
Oval ID: oval:org.mitre.oval:def:6157
Title: Mozilla Firefox Phishing Vulnerability
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0777
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6163
 
Oval ID: oval:org.mitre.oval:def:6163
Title: Mozilla Thunderbird memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6191
 
Oval ID: oval:org.mitre.oval:def:6191
Title: Mozilla Thunderbird security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6196
 
Oval ID: oval:org.mitre.oval:def:6196
Title: Mozilla Firefox memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6207
 
Oval ID: oval:org.mitre.oval:def:6207
Title: Mozilla Firefox remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6229
 
Oval ID: oval:org.mitre.oval:def:6229
Title: Mozilla Seamonkey Phishing Vulnerability
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0777
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6458
 
Oval ID: oval:org.mitre.oval:def:6458
Title: Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 1
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6557
 
Oval ID: oval:org.mitre.oval:def:6557
Title: DSA-1750 libpng -- several vulnerabilities
Description: Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: patch
Reference(s): DSA-1750
CVE-2007-2445
CVE-2007-5269
CVE-2008-1382
CVE-2008-5907
CVE-2008-6218
CVE-2009-0040
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libpng
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6708
 
Oval ID: oval:org.mitre.oval:def:6708
Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6755
 
Oval ID: oval:org.mitre.oval:def:6755
Title: Mozilla Firefox, Thunderbird and Seamonkey memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6811
 
Oval ID: oval:org.mitre.oval:def:6811
Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6945
 
Oval ID: oval:org.mitre.oval:def:6945
Title: Mozilla Firefox, Thunderbird and Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7390
 
Oval ID: oval:org.mitre.oval:def:7390
Title: Mozilla Firefox, Thunderbird and Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7435
 
Oval ID: oval:org.mitre.oval:def:7435
Title: Mozilla Firefox, Thunderbird and Seamonkey Phishing Vulnerability
Description: Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0777
Version: 19
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7584
 
Oval ID: oval:org.mitre.oval:def:7584
Title: Mozilla Firefox, Thunderbird and Seamonkey remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 19
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7990
 
Oval ID: oval:org.mitre.oval:def:7990
Title: DSA-1751 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.
Family: unix Class: patch
Reference(s): DSA-1751
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9241
 
Oval ID: oval:org.mitre.oval:def:9241
Title: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0776
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9609
 
Oval ID: oval:org.mitre.oval:def:9609
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0772
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9681
 
Oval ID: oval:org.mitre.oval:def:9681
Title: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0775
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 465
Application 164
Application 36
Application 77
Os 59
Os 63
Os 2
Os 2
Os 3
Os 2
Os 1
Os 1

OpenVAS Exploits

Date Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0315 centos4 i386
File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0315 centos5 i386
File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386
File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl
2011-08-09 Name : CentOS Update for libpng10 CESA-2009:0340 centos3 i386
File : nvt/gb_CESA-2009_0340_libpng10_centos3_i386.nasl
2011-08-09 Name : CentOS Update for libpng10 CESA-2009:0333 centos4 i386
File : nvt/gb_CESA-2009_0333_libpng10_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libpng CESA-2009:0333-01 centos2 i386
File : nvt/gb_CESA-2009_0333-01_libpng_centos2_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl
2010-05-12 Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for libpng
File : nvt/sles10_libpng0.nasl
2009-10-13 Name : SLES10: Security update for libpng
File : nvt/sles10_libpng.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox3.nasl
2009-10-11 Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox.nasl
2009-10-11 Name : SLES11: Security update for libpng
File : nvt/sles11_libpng12-0.nasl
2009-10-10 Name : SLES9: Security update for libpng
File : nvt/sles9p5043440.nasl
2009-10-10 Name : SLES9: Security update for libpng
File : nvt/sles9p5043680.nasl
2009-07-29 Name : Ubuntu USN-802-1 (apache2)
File : nvt/ubuntu_802_1.nasl
2009-07-29 Name : Ubuntu USN-801-1 (tiff)
File : nvt/ubuntu_801_1.nasl
2009-07-29 Name : Ubuntu USN-799-1 (dbus)
File : nvt/ubuntu_799_1.nasl
2009-07-29 Name : Debian Security Advisory DSA 1830-1 (icedove)
File : nvt/deb_1830_1.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-6531 (libpng)
File : nvt/fcore_2009_6531.nasl
2009-06-23 Name : Fedora Core 9 FEDORA-2009-6603 (libpng)
File : nvt/fcore_2009_6603.nasl
2009-06-05 Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl
2009-05-20 Name : CentOS Security Advisory CESA-2009:0258 (thunderbird)
File : nvt/ovcesa2009_0258.nasl
2009-04-28 Name : CentOS Security Advisory CESA-2009:0333 (libpng)
File : nvt/ovcesa2009_0333.nasl
2009-04-20 Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox)
File : nvt/suse_sa_2009_023.nasl
2009-04-06 Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey)
File : nvt/fcore_2009_3161.nasl
2009-04-06 Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey)
File : nvt/fcore_2009_3101.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird)
File : nvt/mdksa_2009_083.nasl
2009-03-31 Name : Debian Security Advisory DSA 1750-1 (libpng)
File : nvt/deb_1750_1.nasl
2009-03-31 Name : Ubuntu USN-742-1 (jasper)
File : nvt/ubuntu_742_1.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0258
File : nvt/RHSA_2009_0258.nasl
2009-03-31 Name : Ubuntu USN-741-1 (thunderbird)
File : nvt/ubuntu_741_1.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird)
File : nvt/fcore_2009_2882.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird)
File : nvt/fcore_2009_2884.nasl
2009-03-20 Name : Gentoo Security Advisory GLSA 200903-28 (libpng)
File : nvt/glsa_200903_28.nasl
2009-03-20 Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox)
File : nvt/suse_sa_2009_012.nasl
2009-03-20 Name : Mandrake Security Advisory MDVSA-2009:075 (firefox)
File : nvt/mdksa_2009_075.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0340 (libpng)
File : nvt/ovcesa2009_0340.nasl
2009-03-13 Name : Fedora Core 10 FEDORA-2009-1976 (libpng10)
File : nvt/fcore_2009_1976.nasl
2009-03-13 Name : Fedora Core 9 FEDORA-2009-2045 (libpng10)
File : nvt/fcore_2009_2045.nasl
2009-03-13 Name : Fedora Core 9 FEDORA-2009-2421 (firefox)
File : nvt/fcore_2009_2421.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0333-01 (libpng)
File : nvt/ovcesa2009_0333_01.nasl
2009-03-13 Name : Fedora Core 10 FEDORA-2009-2422 (firefox)
File : nvt/fcore_2009_2422.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0315 (firefox)
File : nvt/ovcesa2009_0315.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey)
File : nvt/ovcesa2009_0325_01.nasl
2009-03-10 Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_thunderbird_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_thunderbird_mult_vuln_mar09_lin.nasl
2009-03-10 Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_mar09_lin.nasl
2009-03-10 Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_firefox_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_firefox_mult_vuln_mar09_lin.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0333
File : nvt/RHSA_2009_0333.nasl
2009-03-07 Name : Ubuntu USN-728-2 (firefox)
File : nvt/ubuntu_728_2.nasl
2009-03-07 Name : Ubuntu USN-728-1 (xulrunner-1.9)
File : nvt/ubuntu_728_1.nasl
2009-03-07 Name : Ubuntu USN-727-2 (network-manager)
File : nvt/ubuntu_727_2.nasl
2009-03-07 Name : Ubuntu USN-727-1 (network-manager-applet)
File : nvt/ubuntu_727_1.nasl
2009-03-07 Name : Ubuntu USN-726-2 (curl)
File : nvt/ubuntu_726_2.nasl
2009-03-07 Name : Ubuntu USN-726-1 (curl)
File : nvt/ubuntu_726_1.nasl
2009-03-07 Name : Ubuntu USN-728-3 (firefox)
File : nvt/ubuntu_728_3.nasl
2009-03-07 Name : Ubuntu USN-730-1 (libpng)
File : nvt/ubuntu_730_1.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0340
File : nvt/RHSA_2009_0340.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0325
File : nvt/RHSA_2009_0325.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0315
File : nvt/RHSA_2009_0315.nasl
2009-03-07 Name : FreeBSD Ports: pngcrush
File : nvt/freebsd_pngcrush.nasl
2009-03-07 Name : CentOS Security Advisory CESA-2009:0325 (seamonkey)
File : nvt/ovcesa2009_0325.nasl
2009-03-02 Name : Mandrake Security Advisory MDVSA-2009:051 (libpng)
File : nvt/mdksa_2009_051.nasl
2009-03-02 Name : SuSE Security Summary SUSE-SR:2009:005
File : nvt/suse_sr_2009_005.nasl
2009-03-02 Name : Fedora Core 10 FEDORA-2009-2112 (libpng)
File : nvt/fcore_2009_2112.nasl
2009-03-02 Name : Fedora Core 9 FEDORA-2009-2128 (libpng)
File : nvt/fcore_2009_2128.nasl
2009-03-02 Name : Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng)
File : nvt/fcore_2009_2131.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-083-02 seamonkey
File : nvt/esoft_slk_ssa_2009_083_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-051-01 libpng
File : nvt/esoft_slk_ssa_2009_051_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2009_083_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53317 libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ...

53316 libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution

53315 libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution

52452 Mozilla Multiple Products Location Bar Invisible Character Decoding Spoofing ...

52451 Mozilla Multiple Products nsIRDFService Cross-domain Redirect Same-origin Pol...

Multiple Mozilla products contain a flaw that may allow a malicious website operator to access private data from users redirected to another website. The issue is triggered by nsIRDFService allowing a malicious website operator to use a cross-domain redirect to steal arbitrary XML data from another domain, resulting in a loss of confidentiality.
52450 Mozilla Multiple Products Crafted Cloned XUL DOM Elements Arbitrary Code Exec...

52449 Mozilla Multiple Products JavaScript Engine Multiple Vector Unspecified DoS

52448 Mozilla Multiple Products JavaScript Engine jsopcode.cpp Multiple Vector Arbi...

52447 Mozilla Multiple Products JavaScript Engine jsarray.cpp ResizeSlots Function ...

52446 Mozilla Multiple Products Layout Engine gczeal Unspecified Code Execution

52445 Mozilla Multiple Products Layout Engine nsCSSStyleSheet::GetOwnerNode Functio...

52444 Mozilla Multiple Products Layout Engine Multiple Unspecified Memory Corruptions

Snort® IPS/IDS

Date Description
2014-03-06 Mozilla Firefox SVG data processing obfuscated memory corruption attempt
RuleID : 29580 - Revision : 3 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript array.splice memory corruption attempt
RuleID : 17399 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript array.splice memory corruption attempt
RuleID : 17398 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox SVG data processing memory corruption attempt
RuleID : 15428 - Revision : 17 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL9988.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-3.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-2.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-10-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12358.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpng-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12353.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-6003.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-6024.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO
2009-08-05 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-003.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2009-0007.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO
2009-06-09 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1976.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2112.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2131.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2422.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-051.nasl - Type : ACT_GATHER_INFO
2009-04-21 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO
2009-03-31 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1750.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1751.nasl - Type : ACT_GATHER_INFO
2009-03-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO
2009-03-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-28.nasl - Type : ACT_GATHER_INFO
2009-03-10 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2045.nasl - Type : ACT_GATHER_INFO
2009-03-09 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2421.nasl - Type : ACT_GATHER_INFO
2009-03-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ea2411a408e811deb88a0022157515b2.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-02-27 Name : The remote openSUSE host is missing a security update.
File : suse_libpng-6021.nasl - Type : ACT_GATHER_INFO
2009-02-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2128.nasl - Type : ACT_GATHER_INFO
2009-02-24 Name : The remote openSUSE host is missing a security update.
File : suse_libpng-6001.nasl - Type : ACT_GATHER_INFO
2009-02-23 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-051-01.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137081-11
File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO
2008-03-04 Name : The remote host is missing Sun Security Patch number 137080-11
File : solaris10_137080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:05:43
  • Multiple Updates