Executive Summary
Summary | |
---|---|
Title | Firefox 3.0 and Xulrunner 1.9 vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-895-1 | First vendor Publication | 2010-02-17 |
Vendor | Ubuntu | Last vendor Modification | 2010-02-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes. Details follow: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571) Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988) Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162) |
Original Source
Url : http://www.ubuntu.com/usn/USN-895-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10697 | |||
Oval ID: | oval:org.mitre.oval:def:10697 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11166 | |||
Oval ID: | oval:org.mitre.oval:def:11166 | ||
Title: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11227 | |||
Oval ID: | oval:org.mitre.oval:def:11227 | ||
Title: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13349 | |||
Oval ID: | oval:org.mitre.oval:def:13349 | ||
Title: | DSA-1999-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999-1 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7463 | |||
Oval ID: | oval:org.mitre.oval:def:7463 | ||
Title: | DSA-1999 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8355 | |||
Oval ID: | oval:org.mitre.oval:def:8355 | ||
Title: | Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8465 | |||
Oval ID: | oval:org.mitre.oval:def:8465 | ||
Title: | Mozilla Firefox and SeaMonkey Web Worker Array Handling Heap Corruption Vulnerability | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8485 | |||
Oval ID: | oval:org.mitre.oval:def:8485 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8615 | |||
Oval ID: | oval:org.mitre.oval:def:8615 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Use-After-Free HTML Parser Vulnerability | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8631 | |||
Oval ID: | oval:org.mitre.oval:def:8631 | ||
Title: | Mozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-Type | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9384 | |||
Oval ID: | oval:org.mitre.oval:def:9384 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9590 | |||
Oval ID: | oval:org.mitre.oval:def:9590 | ||
Title: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-05-21 | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0112 centos5 i386 File : nvt/gb_CESA-2010_0112_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-03-12 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:051 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_051.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_sunbird_fc11.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_thunderbird_fc11.nasl |
2010-03-05 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2010:015 File : nvt/gb_suse_2010_015.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_sunbird_fc12.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_thunderbird_fc12.nasl |
2010-03-02 | Name : Fedora Update for evolution-rss FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_evolution-rss_fc11.nasl |
2010-03-02 | Name : Fedora Update for chmsee FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_chmsee_fc11.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_firefox_fc11.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_galeon_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-python2-extras_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-web-photo_fc11.nasl |
2010-03-02 | Name : Fedora Update for google-gadgets FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_google-gadgets_fc11.nasl |
2010-03-02 | Name : Fedora Update for hulahop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_hulahop_fc11.nasl |
2010-03-02 | Name : Fedora Update for kazehakase FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_kazehakase_fc11.nasl |
2010-03-02 | Name : Fedora Update for monodevelop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_monodevelop_fc11.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_mozvoikko_fc11.nasl |
2010-03-02 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_pcmanx-gtk2_fc11.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_perl-Gtk2-MozEmbed_fc11.nasl |
2010-03-02 | Name : Fedora Update for ruby-gnome2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_ruby-gnome2_fc11.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_xulrunner_fc11.nasl |
2010-03-02 | Name : Fedora Update for yelp FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_yelp_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany-extensions FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany-extensions_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_blam_fc12.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_firefox_fc12.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_galeon_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-python2-extras_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-web-photo_fc12.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_mozvoikko_fc12.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_perl-Gtk2-MozEmbed_fc12.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_xulrunner_fc12.nasl |
2010-03-02 | Name : Fedora Update for seamonkey FEDORA-2010-1932 File : nvt/gb_fedora_2010_1932_seamonkey_fc12.nasl |
2010-03-02 | Name : Fedora Update for Miro FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_Miro_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_blam_fc11.nasl |
2010-03-02 | Name : Fedora Update for eclipse FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_eclipse_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany_fc11.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Linux) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Lin) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 1999-1 (xulrunner) File : nvt/deb_1999_1.nasl |
2010-02-22 | Name : Mandriva Update for firefox MDVSA-2010:042 (firefox) File : nvt/gb_mandriva_MDVSA_2010_042.nasl |
2010-02-19 | Name : RedHat Update for seamonkey RHSA-2010:0113-01 File : nvt/gb_RHSA-2010_0113-01_seamonkey.nasl |
2010-02-19 | Name : RedHat Update for firefox RHSA-2010:0112-01 File : nvt/gb_RHSA-2010_0112-01_firefox.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos4 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos4_i386.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 File : nvt/gb_ubuntu_USN_895_1.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1 File : nvt/gb_ubuntu_USN_896_1.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos3 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos3_i386.nasl |
2010-02-19 | Name : CentOS Update for firefox CESA-2010:0112 centos4 i386 File : nvt/gb_CESA-2010_0112_firefox_centos4_i386.nasl |
2010-02-18 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox44.nasl |
2010-02-15 | Name : Mandriva Update for mmc-web-base MDVA-2010:051 (mmc-web-base) File : nvt/gb_mandriva_MDVA_2010_051.nasl |
2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:042 (urpmi) File : nvt/gb_mandriva_MDVA_2010_042.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62428 | Mozilla Multiple Browsers Web Worker Array Handling Heap Corruption |
62427 | Mozilla Multiple Browsers window.dialogArguments Same-origin Policy Bypass XSS |
62426 | Mozilla Multiple Browsers SVG Document Binary Content-Type Header XSS Weakness |
62425 | Mozilla Multiple Browsers HTML Parser Use-after-free Memory Corruption |
62424 | Mozilla Multiple Browsers Unspecified Memory Corruption (534082) |
62423 | Mozilla Multiple Browsers Unspecified Memory Corruption (501934) |
62422 | Mozilla Multiple Browsers Unspecified Memory Corruption (528300) |
62421 | Mozilla Multiple Browsers Unspecified Memory Corruption (528134) |
62420 | Mozilla Multiple Browsers Unspecified Memory Corruption (527567) |
62419 | Mozilla Multiple Browsers Unspecified Memory Corruption (467005) |
62418 | Mozilla Multiple Browsers Unspecified Memory Corruption (530880) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100217_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6867.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6866.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1932.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1936.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3230.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3267.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1727.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-051.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_302.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6863.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6871.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1999.nasl - Type : ACT_GATHER_INFO |
2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-042.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f82c85d81c6e11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-895-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-896-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_203.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_358.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3018.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:34 |
|