Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update
Informations
Name USN-930-5 First vendor Publication 2010-07-23
Vendor Ubuntu Last vendor Modification 2010-07-23
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
ant 1.7.1-0ubuntu2.2
apturl 0.3.3ubuntu1.2
epiphany-browser 2.26.1-0ubuntu1.9.04.1
icedtea6-plugin 6b18-1.8-4ubuntu3~9.04.2
libgluezilla 2.0-1ubuntu1.9.04.1
liferea 1.4.26-0ubuntu1.9.04.1
mozilla-packagekit 0.3.14-0ubuntu5.9.04.1
mozvoikko 0.9.5-1ubuntu2.9.04.1
python-gnome2-extras 2.19.1-0ubuntu14.9.04.1
ubufox 0.9~rc2-0ubuntu0.9.04.2
webfav 1.11-0ubuntu1.9.04.1
yelp 2.25.1-0ubuntu5.9.04.1

Ubuntu 9.10:
ant 1.7.1-4ubuntu0.2
icedtea6-plugin 6b18-1.8-4ubuntu3~9.10.2
mozvoikko 1.0-1ubuntu3.9.10.1
python-gtkmozembed 2.25.3-3ubuntu1.9.10.1
ubufox 0.9~rc2-0ubuntu0.9.10.1
webfav 1.16-0ubuntu1.9.10.1
yelp 2.28.0-0ubuntu2.9.10.1

After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes.

Details follow:

USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2.

Original advisory details:

If was discovered that Firefox could be made to access freed memory. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS. (CVE-2010-1121)

Several flaws were discovered in the browser engine of Firefox. If a
user were tricked into viewing a malicious site, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201,
CVE-2010-1202, CVE-2010-1203)

A flaw was discovered in the way plugin instances interacted. An attacker
could potentially exploit this and use one plugin to access freed memory from a
second plugin to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2010-1198)

An integer overflow was discovered in Firefox. If a user were tricked into
viewing a malicious site, an attacker could overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1196)

Martin Barbella discovered an integer overflow in an XSLT node sorting
routine. An attacker could exploit this to overflow a buffer and cause a
denial of service or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2010-1199)

Michal Zalewski discovered that the focus behavior of Firefox could be
subverted. If a user were tricked into viewing a malicious site, a remote
attacker could use this to capture keystrokes. (CVE-2010-1125)

Ilja van Sprundel discovered that the 'Content-Disposition: attachment'
HTTP header was ignored when 'Content-Type: multipart' was also present.
Under certain circumstances, this could potentially lead to cross-site
scripting attacks. (CVE-2010-1197)

Amit Klein discovered that Firefox did not seed its random number generator
often enough. An attacker could exploit this to identify and track users
across different web sites. (CVE-2008-5913)

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)

An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)

A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker code execute
arbitrary JavaScript with chrome privileges. (CVE-2010-1215)

An integer overflow was discovered in how Firefox processed CSS values. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Firefox interpreted the XUL
element. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash the browser or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin
check in Firefox could be bypassed by utilizing the importScripts Web
Worker method. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-1213, CVE-2010-1207)

O. Andersen that Firefox did not properly map undefined positions within
certain 8 bit encodings. An attacker could utilize this to perform
cross-site scripting attacks. (CVE-2010-1210)

Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no
content) code. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-1206)

Jordi Chancel discovered that Firefox did not properly handle when a server
responds to an HTTPS request with plaintext and then processes JavaScript
history events. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-2751)

Chris Evans discovered that Firefox did not properly process improper CSS
selectors. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Firefox did not properly handle script error
output. An attacker could use this to access URL parameters from other
domains. (CVE-2010-2754)

Original Source

Url : http://www.ubuntu.com/usn/USN-930-5

CWE : Common Weakness Enumeration

% Id Name
18 % CWE-189 Numeric Errors (CWE/SANS Top 25)
14 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-200 Information Exposure
9 % CWE-416 Use After Free
9 % CWE-399 Resource Management Errors
9 % CWE-94 Failure to Control Generation of Code ('Code Injection')
9 % CWE-20 Improper Input Validation
5 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
5 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
5 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10168
 
Oval ID: oval:org.mitre.oval:def:10168
Title: Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
Description: Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1197
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10386
 
Oval ID: oval:org.mitre.oval:def:10386
Title: The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
Description: The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1125
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10401
 
Oval ID: oval:org.mitre.oval:def:10401
Title: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Description: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1203
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10816
 
Oval ID: oval:org.mitre.oval:def:10816
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1200
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10885
 
Oval ID: oval:org.mitre.oval:def:10885
Title: Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Description: Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1199
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10889
 
Oval ID: oval:org.mitre.oval:def:10889
Title: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1202
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10924
 
Oval ID: oval:org.mitre.oval:def:10924
Title: Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Description: Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1121
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10958
 
Oval ID: oval:org.mitre.oval:def:10958
Title: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
Description: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2753
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10990
 
Oval ID: oval:org.mitre.oval:def:10990
Title: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
Description: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1198
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11055
 
Oval ID: oval:org.mitre.oval:def:11055
Title: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-after-free Vulnerability
Description: Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1209
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11139
 
Oval ID: oval:org.mitre.oval:def:11139
Title: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
Description: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5913
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11424
 
Oval ID: oval:org.mitre.oval:def:11424
Title: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.
Description: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2010-1196
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11527
 
Oval ID: oval:org.mitre.oval:def:11527
Title: Mozilla Firefox and Thunderbird Arbitrary code execution using SJOW and fast native function
Description: Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1215
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11531
 
Oval ID: oval:org.mitre.oval:def:11531
Title: DSA-2075 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. Jordi Chancel discovered that the location could be spoofed to appear like a secured page. "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. Soroush Dalili discovered an information leak in script processing.
Family: unix Class: patch
Reference(s): DSA-2075
CVE-2010-0182
CVE-2010-0654
CVE-2010-1205
CVE-2010-1208
CVE-2010-1211
CVE-2010-1214
CVE-2010-2751
CVE-2010-2753
CVE-2010-2754
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11552
 
Oval ID: oval:org.mitre.oval:def:11552
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1211
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11680
 
Oval ID: oval:org.mitre.oval:def:11680
Title: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
Description: Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2752
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11685
 
Oval ID: oval:org.mitre.oval:def:11685
Title: Mozilla Firefox and SeaMonkey Plugin Parameter 'EnsureCachedAttrParamArrays' Remote Code Execution Vulnerability
Description: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1214
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11688
 
Oval ID: oval:org.mitre.oval:def:11688
Title: Mozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability
Description: The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2751
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11740
 
Oval ID: oval:org.mitre.oval:def:11740
Title: Mozilla Firefox and SeaMonkey DOM Attribute Cloning Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1208
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11770
 
Oval ID: oval:org.mitre.oval:def:11770
Title: Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2754
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11771
 
Oval ID: oval:org.mitre.oval:def:11771
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Description: js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1212
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11811
 
Oval ID: oval:org.mitre.oval:def:11811
Title: Mozilla Firefox, Thunderbird and SeaMonkey Cross-domain Data Theft Using CSS Vulnerability
Description: Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0654
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11835
 
Oval ID: oval:org.mitre.oval:def:11835
Title: Mozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScripts
Description: The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1213
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11851
 
Oval ID: oval:org.mitre.oval:def:11851
Title: Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability
Description: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1205
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11863
 
Oval ID: oval:org.mitre.oval:def:11863
Title: Mozilla Firefox and Thunderbird Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
Description: intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1210
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11887
 
Oval ID: oval:org.mitre.oval:def:11887
Title: Mozilla Firefox and Thunderbird Same-origin Bypass Using Canvas Context Vulnerability
Description: Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1207
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11917
 
Oval ID: oval:org.mitre.oval:def:11917
Title: DSA-2064 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: "wushi" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. "Nils" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. "boardraider" and "stedenon" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2064
CVE-2010-0183
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12521
 
Oval ID: oval:org.mitre.oval:def:12521
Title: USN-930-6 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerability
Description: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-6
CVE-2010-1214
CVE-2010-2755
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
Version: 5
Platform(s): Ubuntu 9.04
Ubuntu 9.10
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12671
 
Oval ID: oval:org.mitre.oval:def:12671
Title: Denial of service vulnerability in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1201
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12712
 
Oval ID: oval:org.mitre.oval:def:12712
Title: USN-930-1 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Description: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-1
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13110
 
Oval ID: oval:org.mitre.oval:def:13110
Title: USN-958-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-958-1
CVE-2010-1211
CVE-2010-1212
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13136
 
Oval ID: oval:org.mitre.oval:def:13136
Title: DSA-2075-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. CVE-2010-1208 "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1214 "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page. CVE-2010-2753 "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. CVE-2010-2754 Soroush Dalili discovered an information leak in script processing. For the stable distribution, these problems have been fixed in version 1.9.0.19-3. For the unstable distribution, these problems have been fixed in version 1.9.1.11-1. For the experimental distribution, these problems have been fixed in version 1.9.2.7-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-2075-1
CVE-2010-0182
CVE-2010-0654
CVE-2010-1205
CVE-2010-1208
CVE-2010-1211
CVE-2010-1214
CVE-2010-2751
CVE-2010-2753
CVE-2010-2754
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13144
 
Oval ID: oval:org.mitre.oval:def:13144
Title: USN-930-4 -- firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
Description: USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-4
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
Version: 6
Platform(s): Ubuntu 9.04
Ubuntu 9.10
Product(s): firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13152
 
Oval ID: oval:org.mitre.oval:def:13152
Title: USN-943-1 -- thunderbird vulnerabilities
Description: Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-943-1
CVE-2010-1199
CVE-2010-1196
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1121
Version: 5
Platform(s): Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13237
 
Oval ID: oval:org.mitre.oval:def:13237
Title: USN-930-3 -- firefox regression
Description: USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-3
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
Version: 7
Platform(s): Ubuntu 8.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13256
 
Oval ID: oval:org.mitre.oval:def:13256
Title: USN-930-5 -- ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update
Description: USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-930-5
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 7
Platform(s): Ubuntu 9.04
Ubuntu 9.10
Product(s): ant
apturl
epiphany-browser
gluezilla
gnome-python-extras
liferea
mozvoikko
openjdk-6
packagekit
ubufox
webfav
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13287
 
Oval ID: oval:org.mitre.oval:def:13287
Title: Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Description: Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1199
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13333
 
Oval ID: oval:org.mitre.oval:def:13333
Title: DSA-2064-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0183 "wushi" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. CVE-2010-1196 "Nils" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. CVE-2010-1197 Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. CVE-2010-1198 Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. CVE-2010-1199 Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. CVE-2010-1200 Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1201 "boardraider" and "stedenon" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1202 Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.19-2. For the unstable distribution, these problems have been fixed in version 1.9.1.10-1 For the experimental distribution, these problems have been fixed in version 1.9.2.4-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-2064-1
CVE-2010-0183
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13377
 
Oval ID: oval:org.mitre.oval:def:13377
Title: USN-957-1 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Description: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-957-1
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13437
 
Oval ID: oval:org.mitre.oval:def:13437
Title: USN-957-2 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerability
Description: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. Original advisory details: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-957-2
CVE-2010-1214
CVE-2010-2755
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13567
 
Oval ID: oval:org.mitre.oval:def:13567
Title: USN-930-2 -- apturl, epiphany-browser, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update
Description: USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-2
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
Version: 7
Platform(s): Ubuntu 8.04
Product(s): apturl
epiphany-browser
gecko-sharp
gnome-python-extras
liferea
rhythmbox
totem
ubufox
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13962
 
Oval ID: oval:org.mitre.oval:def:13962
Title: The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
Description: The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1125
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14017
 
Oval ID: oval:org.mitre.oval:def:14017
Title: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.
Description: Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1196
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14176
 
Oval ID: oval:org.mitre.oval:def:14176
Title: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
Description: Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1198
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14186
 
Oval ID: oval:org.mitre.oval:def:14186
Title: Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
Description: Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1197
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14308
 
Oval ID: oval:org.mitre.oval:def:14308
Title: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1202
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14326
 
Oval ID: oval:org.mitre.oval:def:14326
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1200
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21689
 
Oval ID: oval:org.mitre.oval:def:21689
Title: RHSA-2010:0501: firefox security, bug fix, and enhancement update (Critical)
Description: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Family: unix Class: patch
Reference(s): RHSA-2010:0501-02
CESA-2010:0501
CVE-2008-5913
CVE-2009-5017
CVE-2010-0182
CVE-2010-1121
CVE-2010-1125
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202
CVE-2010-1203
Version: 159
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): devhelp
esc
firefox
gnome-python2-extras
totem
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22242
 
Oval ID: oval:org.mitre.oval:def:22242
Title: RHSA-2010:0545: thunderbird security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): RHSA-2010:0545-01
CESA-2010:0545
CVE-2010-0174
CVE-2010-0175
CVE-2010-0176
CVE-2010-0177
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1205
CVE-2010-1211
CVE-2010-1214
CVE-2010-2753
CVE-2010-2754
Version: 172
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22344
 
Oval ID: oval:org.mitre.oval:def:22344
Title: RHSA-2010:0547: firefox security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): RHSA-2010:0547-01
CESA-2010:0547
CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754
Version: 211
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22794
 
Oval ID: oval:org.mitre.oval:def:22794
Title: ELSA-2010:0501: firefox security, bug fix, and enhancement update (Critical)
Description: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Family: unix Class: patch
Reference(s): ELSA-2010:0501-02
CVE-2008-5913
CVE-2009-5017
CVE-2010-0182
CVE-2010-1121
CVE-2010-1125
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202
CVE-2010-1203
Version: 53
Platform(s): Oracle Linux 5
Product(s): devhelp
esc
firefox
gnome-python2-extras
totem
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23023
 
Oval ID: oval:org.mitre.oval:def:23023
Title: ELSA-2010:0547: firefox security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): ELSA-2010:0547-01
CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754
Version: 69
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23041
 
Oval ID: oval:org.mitre.oval:def:23041
Title: ELSA-2010:0545: thunderbird security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): ELSA-2010:0545-01
CVE-2010-0174
CVE-2010-0175
CVE-2010-0176
CVE-2010-0177
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1205
CVE-2010-1211
CVE-2010-1214
CVE-2010-2753
CVE-2010-2754
Version: 57
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27902
 
Oval ID: oval:org.mitre.oval:def:27902
Title: DEPRECATED: ELSA-2010-0501 -- firefox security, bug fix, and enhancement update (critical)
Description: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182)
Family: unix Class: patch
Reference(s): ELSA-2010-0501
CVE-2009-5017
CVE-2010-0182
CVE-2010-1121
CVE-2010-1125
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202
CVE-2010-1203
CVE-2008-5913
Version: 4
Platform(s): Oracle Linux 5
Product(s): devhelp
esc
firefox
gnome-python2-extras
totem
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6844
 
Oval ID: oval:org.mitre.oval:def:6844
Title: Mozilla Firefox DOM Node Moving Use-After-Free Remote Code Execution Vulnerability
Description: Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1121
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8248
 
Oval ID: oval:org.mitre.oval:def:8248
Title: Mozilla Firefox Address Bar Spoofing Vulnerability
Description: The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1206
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8317
 
Oval ID: oval:org.mitre.oval:def:8317
Title: Mozilla Firefox jstracer.cpp Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1203
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 263
Application 2
Application 196
Application 493
Application 567
Application 237
Application 60
Application 116
Application 27
Application 58
Os 93
Os 72
Os 67
Os 1
Os 5
Os 1
Os 2
Os 3
Os 2
Os 4
Os 2

ExploitDB Exploits

id Description
2010-09-25 MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
2010-09-17 MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code ...
2010-09-09 MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
2010-07-20 libpng <= 1.4.2 Denial of Service Vulnerability

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-26 Name : Apple iTunes Multiple Vulnerabilities (Mac OS X)
File : nvt/secpod_itunes_mult_vuln_macosx.nasl
2011-08-09 Name : CentOS Update for devhelp CESA-2010:0501 centos5 i386
File : nvt/gb_CESA-2010_0501_devhelp_centos5_i386.nasl
2011-08-09 Name : CentOS Update for libpng CESA-2010:0534 centos5 i386
File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0545 centos5 i386
File : nvt/gb_CESA-2010_0545_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2010:0547 centos5 i386
File : nvt/gb_CESA-2010_0547_firefox_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201010-01 (libpng)
File : nvt/glsa_201010_01.nasl
2010-11-17 Name : Debian Security Advisory DSA 2124-1 (xulrunner)
File : nvt/deb_2124_1.nasl
2010-11-16 Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056
File : nvt/gb_suse_2010_056.nasl
2010-10-19 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049
File : nvt/gb_suse_2010_049.nasl
2010-09-14 Name : Mandriva Update for firefox MDVSA-2010:173 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_173.nasl
2010-09-07 Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_169.nasl
2010-08-21 Name : Debian Security Advisory DSA 2072-1 (libpng)
File : nvt/deb_2072_1.nasl
2010-08-21 Name : Debian Security Advisory DSA 2075-1 (xulrunner)
File : nvt/deb_2075_1.nasl
2010-08-21 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox48.nasl
2010-08-21 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox49.nasl
2010-08-20 Name : CentOS Update for seamonkey CESA-2010:0499 centos3 i386
File : nvt/gb_CESA-2010_0499_seamonkey_centos3_i386.nasl
2010-08-20 Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386
File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl
2010-08-20 Name : CentOS Update for seamonkey CESA-2010:0546 centos3 i386
File : nvt/gb_CESA-2010_0546_seamonkey_centos3_i386.nasl
2010-08-13 Name : Mandriva Update for firefox MDVSA-2010:147 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_147.nasl
2010-08-06 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:032
File : nvt/gb_suse_2010_032.nasl
2010-07-30 Name : Fedora Update for mingw32-libpng FEDORA-2010-10776
File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl
2010-07-30 Name : Fedora Update for mingw32-libpng FEDORA-2010-10793
File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl
2010-07-30 Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-930-6
File : nvt/gb_ubuntu_USN_930_6.nasl
2010-07-30 Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2
File : nvt/gb_ubuntu_USN_957_2.nasl
2010-07-30 Name : Ubuntu Update for thunderbird vulnerabilities USN-958-1
File : nvt/gb_ubuntu_USN_958_1.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilitie july-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul10.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilitie jul-10 (Win)
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul10.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_jul10.nasl
2010-07-26 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4
File : nvt/gb_ubuntu_USN_930_4.nasl
2010-07-26 Name : Ubuntu Update USN-930-5
File : nvt/gb_ubuntu_USN_930_5.nasl
2010-07-26 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1
File : nvt/gb_ubuntu_USN_957_1.nasl
2010-07-23 Name : RedHat Update for thunderbird RHSA-2010:0544-01
File : nvt/gb_RHSA-2010_0544-01_thunderbird.nasl
2010-07-23 Name : RedHat Update for seamonkey RHSA-2010:0546-01
File : nvt/gb_RHSA-2010_0546-01_seamonkey.nasl
2010-07-23 Name : RedHat Update for firefox RHSA-2010:0547-01
File : nvt/gb_RHSA-2010_0547-01_firefox.nasl
2010-07-23 Name : Fedora Update for libpng10 FEDORA-2010-10823
File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl
2010-07-23 Name : Fedora Update for libpng10 FEDORA-2010-10833
File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl
2010-07-23 Name : Fedora Update for seamonkey FEDORA-2010-11327
File : nvt/gb_fedora_2010_11327_seamonkey_fc13.nasl
2010-07-23 Name : Fedora Update for firefox FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_firefox_fc13.nasl
2010-07-23 Name : Fedora Update for galeon FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_galeon_fc13.nasl
2010-07-23 Name : Fedora Update for gnome-python2-extras FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_gnome-python2-extras_fc13.nasl
2010-07-23 Name : Fedora Update for gnome-web-photo FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_gnome-web-photo_fc13.nasl
2010-07-23 Name : Fedora Update for mozvoikko FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_mozvoikko_fc13.nasl
2010-07-23 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_perl-Gtk2-MozEmbed_fc13.nasl
2010-07-23 Name : Fedora Update for xulrunner FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_xulrunner_fc13.nasl
2010-07-23 Name : Fedora Update for sunbird FEDORA-2010-11361
File : nvt/gb_fedora_2010_11361_sunbird_fc12.nasl
2010-07-23 Name : Fedora Update for thunderbird FEDORA-2010-11361
File : nvt/gb_fedora_2010_11361_thunderbird_fc12.nasl
2010-07-23 Name : Fedora Update for seamonkey FEDORA-2010-11363
File : nvt/gb_fedora_2010_11363_seamonkey_fc12.nasl
2010-07-23 Name : Fedora Update for firefox FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_firefox_fc12.nasl
2010-07-23 Name : Fedora Update for galeon FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_galeon_fc12.nasl
2010-07-23 Name : Fedora Update for gnome-python2-extras FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_gnome-python2-extras_fc12.nasl
2010-07-23 Name : Fedora Update for gnome-web-photo FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_gnome-web-photo_fc12.nasl
2010-07-23 Name : Fedora Update for mozvoikko FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_mozvoikko_fc12.nasl
2010-07-23 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_perl-Gtk2-MozEmbed_fc12.nasl
2010-07-23 Name : Fedora Update for xulrunner FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_xulrunner_fc12.nasl
2010-07-23 Name : Fedora Update for sunbird FEDORA-2010-11379
File : nvt/gb_fedora_2010_11379_sunbird_fc13.nasl
2010-07-23 Name : Fedora Update for thunderbird FEDORA-2010-11379
File : nvt/gb_fedora_2010_11379_thunderbird_fc13.nasl
2010-07-23 Name : SuSE Update for MozillaFirefox,mozilla-xulrunner191 SUSE-SA:2010:030
File : nvt/gb_suse_2010_030.nasl
2010-07-16 Name : RedHat Update for libpng RHSA-2010:0534-01
File : nvt/gb_RHSA-2010_0534-01_libpng.nasl
2010-07-16 Name : Mandriva Update for libpng MDVSA-2010:133 (libpng)
File : nvt/gb_mandriva_MDVSA_2010_133.nasl
2010-07-12 Name : Ubuntu Update for thunderbird vulnerabilities USN-943-1
File : nvt/gb_ubuntu_USN_943_1.nasl
2010-07-12 Name : Ubuntu Update for libpng vulnerabilities USN-960-1
File : nvt/gb_ubuntu_USN_960_1.nasl
2010-07-06 Name : Debian Security Advisory DSA 2064-1 (xulrunner)
File : nvt/deb_2064_1.nasl
2010-07-06 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox47.nasl
2010-07-06 Name : FreeBSD Ports: png
File : nvt/freebsd_png4.nasl
2010-07-06 Name : Fedora Update for libpng FEDORA-2010-10592
File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl
2010-07-02 Name : Fedora Update for libpng FEDORA-2010-10557
File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl
2010-07-02 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1
File : nvt/gb_ubuntu_USN_930_1.nasl
2010-07-02 Name : Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea...
File : nvt/gb_ubuntu_USN_930_2.nasl
2010-07-02 Name : Ubuntu Update for firefox regression USN-930-3
File : nvt/gb_ubuntu_USN_930_3.nasl
2010-07-02 Name : Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Win)
File : nvt/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl
2010-07-01 Name : Mozilla Firefox Multiple Unspecified Vulnerabilities june-10 (Win)
File : nvt/secpod_mozilla_firefox_mult_unspecified_vuln_win.nasl
2010-07-01 Name : Mozilla Products Firefox/Seamonkey Multiple Vulnerabilities june-10 (Win)
File : nvt/secpod_mozilla_prdts_mult_vuln_win01_jun10.nasl
2010-07-01 Name : Mozilla Products Multiple Vulnerabilities june-10 (Windows)
File : nvt/secpod_mozilla_prdts_mult_vuln_win_jun10.nasl
2010-07-01 Name : Mozilla Products Unspecified Vulnerability june-10 (Win)
File : nvt/secpod_mozilla_prdts_unspecified_vuln_win_jun10.nasl
2010-06-28 Name : RedHat Update for seamonkey RHSA-2010:0499-01
File : nvt/gb_RHSA-2010_0499-01_seamonkey.nasl
2010-06-28 Name : RedHat Update for firefox RHSA-2010:0501-01
File : nvt/gb_RHSA-2010_0501-01_firefox.nasl
2010-06-25 Name : RedHat Update for firefox RHSA-2010:0500-01
File : nvt/gb_RHSA-2010_0500-01_firefox.nasl
2010-06-25 Name : Fedora Update for seamonkey FEDORA-2010-10329
File : nvt/gb_fedora_2010_10329_seamonkey_fc12.nasl
2010-06-25 Name : Fedora Update for firefox FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_firefox_fc12.nasl
2010-06-25 Name : Fedora Update for galeon FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_galeon_fc12.nasl
2010-06-25 Name : Fedora Update for gnome-python2-extras FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_gnome-python2-extras_fc12.nasl
2010-06-25 Name : Fedora Update for gnome-web-photo FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_gnome-web-photo_fc12.nasl
2010-06-25 Name : Fedora Update for mozvoikko FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_mozvoikko_fc12.nasl
2010-06-25 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_perl-Gtk2-MozEmbed_fc12.nasl
2010-06-25 Name : Fedora Update for xulrunner FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_xulrunner_fc12.nasl
2010-06-25 Name : Fedora Update for firefox FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_firefox_fc13.nasl
2010-06-25 Name : Fedora Update for galeon FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_galeon_fc13.nasl
2010-06-25 Name : Fedora Update for gnome-python2-extras FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_gnome-python2-extras_fc13.nasl
2010-06-25 Name : Fedora Update for gnome-web-photo FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_gnome-web-photo_fc13.nasl
2010-06-25 Name : Fedora Update for mozvoikko FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_mozvoikko_fc13.nasl
2010-06-25 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_perl-Gtk2-MozEmbed_fc13.nasl
2010-06-25 Name : Fedora Update for xulrunner FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_xulrunner_fc13.nasl
2010-06-25 Name : Fedora Update for seamonkey FEDORA-2010-10363
File : nvt/gb_fedora_2010_10363_seamonkey_fc13.nasl
2010-06-25 Name : Mandriva Update for firefox MDVSA-2010:125 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_125.nasl
2010-06-25 Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:126 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_126.nasl
2010-04-30 Name : Mandriva Update for gdm MDVA-2010:133 (gdm)
File : nvt/gb_mandriva_MDVA_2010_133.nasl
2010-04-29 Name : Mandriva Update for ldetect-lst MDVA-2010:125 (ldetect-lst)
File : nvt/gb_mandriva_MDVA_2010_125.nasl
2010-04-29 Name : Mandriva Update for totem MDVA-2010:126 (totem)
File : nvt/gb_mandriva_MDVA_2010_126.nasl
2010-04-21 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox46.nasl
2010-03-30 Name : Mozilla Firefox 'JavaScript' Security Bypass Vulnerability
File : nvt/secpod_firefox_javascript_sec_bypass_vuln_win.nasl
2010-02-22 Name : Firefox Multiple Vulnerabilities Feb-10 (Linux)
File : nvt/secpod_firefox_mult_vuln_feb10_lin.nasl
2010-02-22 Name : Firefox Multiple Vulnerabilities Feb-10 (Win)
File : nvt/secpod_firefox_mult_vuln_feb10_win.nasl
2009-01-28 Name : Firefox Information Disclosure Vulnerability Jan09 (Win)
File : nvt/secpod_firefox_js_info_disc_vuln_win.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-180-01 libpng
File : nvt/esoft_slk_ssa_2010_180_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66605 Mozilla Multiple Products Unspecified Memory Corruption (2010-1211)

66604 Mozilla Multiple Products Browser Engine js/src/jstracer.cpp Memory Corruptio...

66603 Mozilla Multiple Products SJOW Arbitrary Javascript Execution

66602 Mozilla Multiple Products nsCSSValue::Array Overflow

66601 Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow

66600 Mozilla Multiple Products PNG File Handling Overflow

66599 Mozilla Multiple Products importScripts Web Worker Method Cross-origin Data D...

66598 Mozilla Multiple Products Canvas Context Same-Origin Bypass

66597 Mozilla Multiple Products intl/uconv/util/nsUnicodeDecodeHelper.cpp 8-bit Cha...

66596 Mozilla Multiple Products CSS Selector Cross-Domain Information Disclosure

66595 Mozilla Multiple Products Script Error Cross-origin Data Leakage

66594 Mozilla Multiple Browsers EnsureCachedAttrParamArrays Overflow

66593 Mozilla Multiple Browsers DOM Attribute Cloning Arbitrary Code Execution

66592 Mozilla Multiple Browsers NodeIterator Interface Javascript Callback Use-Afte...

66591 Mozilla Multiple Browsers HTTP 204 Location Bar Spoofing

66590 Mozilla Multiple Browsers docshell/base/nsDocShell.cpp nsDocShell::OnRedirect...

65852 libpng pngpread.c PNG Image Data Height Overflow

65752 Mozilla Multiple Products JavaScript Engine Unspecified Remote DoS (2010-1203)

65751 Mozilla Multiple Products JavaScript Engine Unspecified Remote DoS (2010-1202)

65750 Mozilla Multiple Products Browser Engine Unspecified Remote DoS (2010-1201)

65749 Mozilla Multiple Products Browser Engine Unspecified Remote DoS (2010-1200)

65744 Mozilla Multiple Products XSLT Node Sorting Implementation Node Text Value Ov...

65742 Mozilla Multiple Products Multiple Plugin Instances Use-after-free Arbitrary ...

65739 Mozilla Multiple Products Content-Disposition: attachment / Content-Type: mul...

65736 Mozilla Firefox browser/base/content/browser.js startDocumentLoad Function Sa...

65735 Mozilla Multiple Products nsGenericDOMDataNode::SetTextInternal function DOM ...

63479 Mozilla Firefox JavaScript Implementation Hidden Frame Form Field Clickjacking

63457 Mozilla Firefox Cross Document DOM Node Moving Arbitrary Code Execution (PWN2...

62464 Mozilla Firefox CSS Stylesheet Cross-origin Information Disclosure

53341 Mozilla Firefox JavaScript Implementation Web Site Temporary Footprint Spoofi...

Snort® IPS/IDS

Date Description
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Revision : 1 - Type : FILE-IMAGE
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Revision : 1 - Type : FILE-IMAGE
2014-05-08 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 30486 - Revision : 2 - Type : BROWSER-FIREFOX
2014-05-08 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 30485 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Products nsCSSValue Array Index Integer Overflow
RuleID : 19321 - Revision : 11 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla EnsureCachedAttrParamArrays integer overflow attempt
RuleID : 18809 - Revision : 13 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-100727.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-100722.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-100721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100622_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100622_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100622_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100720_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100720_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100720_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100720_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-08-11 Name : The remote Windows host has an application that is affected by multiple vulne...
File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_10_2.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100921.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-100917.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7083.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7101.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-173.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12642.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-975-1.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-978-1.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_369.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2010-09-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-169.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2010-08-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-147.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-07-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2075.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-100721.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-6.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-957-2.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-957-1.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11327.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11345.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11361.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11363.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11375.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11379.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3511.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_367.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_306.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_311.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_206.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-943-1.nasl - Type : ACT_GATHER_INFO
2010-07-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO
2010-07-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10329.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10344.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10361.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10363.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-6204.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-3.nasl - Type : ACT_GATHER_INFO
2010-06-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-1.nasl - Type : ACT_GATHER_INFO
2010-06-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-2.nasl - Type : ACT_GATHER_INFO
2010-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2064.nasl - Type : ACT_GATHER_INFO
2010-06-29 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_99858b7c7ece11dfa007000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-125.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-126.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3510.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_364.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_305.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_205.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ec8f449f40ed11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-04-02 Name : The remote Windows host contains a web browser that is affected by a remote c...
File : mozilla_firefox_363.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:06:47
  • Multiple Updates