Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox and Xulrunner vulnerability
Informations
Name USN-957-2 First vendor Publication 2010-07-26
Vendor Ubuntu Last vendor Modification 2010-07-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
firefox-3.0 3.6.8+build1+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9.2 1.9.2.8+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 10.04 LTS:
abrowser 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
firefox 3.6.8+build1+nobinonly-0ubuntu0.10.04.1
xulrunner-1.9.2 1.9.2.8+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

Details follow:

USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755)

This update fixes the problem.

Original advisory details:

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)

An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)

A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker code execute
arbitrary JavaScript with chrome privileges. (CVE-2010-1215)

An integer overflow was discovered in how Firefox processed CSS values. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Firefox interpreted the XUL
element. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash the browser or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin
check in Firefox could be bypassed by utilizing the importScripts Web
Worker method. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-1213, CVE-2010-1207)

O. Andersen that Firefox did not properly map undefined positions within
certain 8 bit encodings. An attacker could utilize this to perform
cross-site scripting attacks. (CVE-2010-1210)

Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no
content) code. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-1206)

Jordi Chancel discovered that Firefox did not properly handle when a server
responds to an HTTPS request with plaintext and then processes JavaScript
history events. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-2751)

Chris Evans discovered that Firefox did not properly process improper CSS
selectors. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Firefox did not properly handle script error
output. An attacker could use this to access URL parameters from other
domains. (CVE-2010-2754)

Original Source

Url : http://www.ubuntu.com/usn/USN-957-2

CWE : Common Weakness Enumeration

% Id Name
18 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-416 Use After Free
12 % CWE-399 Resource Management Errors
12 % CWE-200 Information Exposure
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-20 Improper Input Validation
6 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
6 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
6 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10958
 
Oval ID: oval:org.mitre.oval:def:10958
Title: Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
Description: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2753
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11055
 
Oval ID: oval:org.mitre.oval:def:11055
Title: Mozilla Firefox and SeaMonkey 'NodeIterator' Use-after-free Vulnerability
Description: Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1209
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11527
 
Oval ID: oval:org.mitre.oval:def:11527
Title: Mozilla Firefox and Thunderbird Arbitrary code execution using SJOW and fast native function
Description: Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1215
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11531
 
Oval ID: oval:org.mitre.oval:def:11531
Title: DSA-2075 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. Jordi Chancel discovered that the location could be spoofed to appear like a secured page. "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. Soroush Dalili discovered an information leak in script processing.
Family: unix Class: patch
Reference(s): DSA-2075
CVE-2010-0182
CVE-2010-0654
CVE-2010-1205
CVE-2010-1208
CVE-2010-1211
CVE-2010-1214
CVE-2010-2751
CVE-2010-2753
CVE-2010-2754
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11552
 
Oval ID: oval:org.mitre.oval:def:11552
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1211
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11680
 
Oval ID: oval:org.mitre.oval:def:11680
Title: Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
Description: Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2752
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11685
 
Oval ID: oval:org.mitre.oval:def:11685
Title: Mozilla Firefox and SeaMonkey Plugin Parameter 'EnsureCachedAttrParamArrays' Remote Code Execution Vulnerability
Description: Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1214
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11688
 
Oval ID: oval:org.mitre.oval:def:11688
Title: Mozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability
Description: The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2751
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11740
 
Oval ID: oval:org.mitre.oval:def:11740
Title: Mozilla Firefox and SeaMonkey DOM Attribute Cloning Remote Code Execution Vulnerability
Description: Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1208
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11770
 
Oval ID: oval:org.mitre.oval:def:11770
Title: Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2754
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11771
 
Oval ID: oval:org.mitre.oval:def:11771
Title: Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability
Description: js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1212
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11811
 
Oval ID: oval:org.mitre.oval:def:11811
Title: Mozilla Firefox, Thunderbird and SeaMonkey Cross-domain Data Theft Using CSS Vulnerability
Description: Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0654
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11835
 
Oval ID: oval:org.mitre.oval:def:11835
Title: Mozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScripts
Description: The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1213
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11851
 
Oval ID: oval:org.mitre.oval:def:11851
Title: Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability
Description: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1205
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11863
 
Oval ID: oval:org.mitre.oval:def:11863
Title: Mozilla Firefox and Thunderbird Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
Description: intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1210
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11887
 
Oval ID: oval:org.mitre.oval:def:11887
Title: Mozilla Firefox and Thunderbird Same-origin Bypass Using Canvas Context Vulnerability
Description: Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1207
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11961
 
Oval ID: oval:org.mitre.oval:def:11961
Title: Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
Description: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2755
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13110
 
Oval ID: oval:org.mitre.oval:def:13110
Title: USN-958-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-958-1
CVE-2010-1211
CVE-2010-1212
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13136
 
Oval ID: oval:org.mitre.oval:def:13136
Title: DSA-2075-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. CVE-2010-1208 "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1214 "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page. CVE-2010-2753 "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. CVE-2010-2754 Soroush Dalili discovered an information leak in script processing. For the stable distribution, these problems have been fixed in version 1.9.0.19-3. For the unstable distribution, these problems have been fixed in version 1.9.1.11-1. For the experimental distribution, these problems have been fixed in version 1.9.2.7-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-2075-1
CVE-2010-0182
CVE-2010-0654
CVE-2010-1205
CVE-2010-1208
CVE-2010-1211
CVE-2010-1214
CVE-2010-2751
CVE-2010-2753
CVE-2010-2754
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13256
 
Oval ID: oval:org.mitre.oval:def:13256
Title: USN-930-5 -- ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update
Description: USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-930-5
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 7
Platform(s): Ubuntu 9.04
Ubuntu 9.10
Product(s): ant
apturl
epiphany-browser
gluezilla
gnome-python-extras
liferea
mozvoikko
openjdk-6
packagekit
ubufox
webfav
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13377
 
Oval ID: oval:org.mitre.oval:def:13377
Title: USN-957-1 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Description: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-957-1
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13437
 
Oval ID: oval:org.mitre.oval:def:13437
Title: USN-957-2 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerability
Description: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. Original advisory details: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains
Family: unix Class: patch
Reference(s): USN-957-2
CVE-2010-1214
CVE-2010-2755
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22242
 
Oval ID: oval:org.mitre.oval:def:22242
Title: RHSA-2010:0545: thunderbird security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): RHSA-2010:0545-01
CESA-2010:0545
CVE-2010-0174
CVE-2010-0175
CVE-2010-0176
CVE-2010-0177
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1205
CVE-2010-1211
CVE-2010-1214
CVE-2010-2753
CVE-2010-2754
Version: 172
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22344
 
Oval ID: oval:org.mitre.oval:def:22344
Title: RHSA-2010:0547: firefox security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): RHSA-2010:0547-01
CESA-2010:0547
CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754
Version: 211
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22353
 
Oval ID: oval:org.mitre.oval:def:22353
Title: RHSA-2010:0556: firefox security update (Critical)
Description: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Family: unix Class: patch
Reference(s): RHSA-2010:0556-01
CESA-2010:0556
CVE-2010-2755
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22925
 
Oval ID: oval:org.mitre.oval:def:22925
Title: ELSA-2010:0556: firefox security update (Critical)
Description: layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Family: unix Class: patch
Reference(s): ELSA-2010:0556-01
CVE-2010-2755
Version: 6
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23023
 
Oval ID: oval:org.mitre.oval:def:23023
Title: ELSA-2010:0547: firefox security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): ELSA-2010:0547-01
CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754
Version: 69
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23041
 
Oval ID: oval:org.mitre.oval:def:23041
Title: ELSA-2010:0545: thunderbird security update (Critical)
Description: dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family: unix Class: patch
Reference(s): ELSA-2010:0545-01
CVE-2010-0174
CVE-2010-0175
CVE-2010-0176
CVE-2010-0177
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1205
CVE-2010-1211
CVE-2010-1214
CVE-2010-2753
CVE-2010-2754
Version: 57
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28140
 
Oval ID: oval:org.mitre.oval:def:28140
Title: DEPRECATED: ELSA-2010-0556 -- firefox security update (critical)
Description: firefox: [3.6.7-3.0.1.el5] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones [3.6.7-3] - Rebuild xulrunner: [1.9.2.7-3.0.1.el5] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. [1.9.2.7-3] - Include fix for 575836
Family: unix Class: patch
Reference(s): ELSA-2010-0556
CVE-2010-2755
Version: 4
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8248
 
Oval ID: oval:org.mitre.oval:def:8248
Title: Mozilla Firefox Address Bar Spoofing Vulnerability
Description: The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1206
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 263
Application 2
Application 196
Application 493
Application 567
Application 238
Application 60
Application 116
Application 27
Application 58
Os 93
Os 72
Os 67
Os 1
Os 5
Os 1
Os 2
Os 3
Os 2
Os 4
Os 2

ExploitDB Exploits

id Description
2010-09-25 MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
2010-09-17 MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code ...
2010-07-20 libpng <= 1.4.2 Denial of Service Vulnerability

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-26 Name : Apple iTunes Multiple Vulnerabilities (Mac OS X)
File : nvt/secpod_itunes_mult_vuln_macosx.nasl
2011-08-09 Name : CentOS Update for libpng CESA-2010:0534 centos5 i386
File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0545 centos5 i386
File : nvt/gb_CESA-2010_0545_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2010:0556 centos5 i386
File : nvt/gb_CESA-2010_0556_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2010:0547 centos5 i386
File : nvt/gb_CESA-2010_0547_firefox_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201010-01 (libpng)
File : nvt/glsa_201010_01.nasl
2010-11-17 Name : Debian Security Advisory DSA 2124-1 (xulrunner)
File : nvt/deb_2124_1.nasl
2010-11-16 Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056
File : nvt/gb_suse_2010_056.nasl
2010-10-19 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049
File : nvt/gb_suse_2010_049.nasl
2010-09-14 Name : Mandriva Update for firefox MDVSA-2010:173 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_173.nasl
2010-09-07 Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_169.nasl
2010-08-21 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox49.nasl
2010-08-21 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox48.nasl
2010-08-21 Name : Debian Security Advisory DSA 2072-1 (libpng)
File : nvt/deb_2072_1.nasl
2010-08-21 Name : Debian Security Advisory DSA 2075-1 (xulrunner)
File : nvt/deb_2075_1.nasl
2010-08-20 Name : CentOS Update for seamonkey CESA-2010:0546 centos3 i386
File : nvt/gb_CESA-2010_0546_seamonkey_centos3_i386.nasl
2010-08-20 Name : CentOS Update for seamonkey CESA-2010:0557 centos3 i386
File : nvt/gb_CESA-2010_0557_seamonkey_centos3_i386.nasl
2010-08-20 Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386
File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl
2010-08-13 Name : Mandriva Update for firefox MDVSA-2010:147 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_147.nasl
2010-08-06 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:032
File : nvt/gb_suse_2010_032.nasl
2010-07-30 Name : Fedora Update for mingw32-libpng FEDORA-2010-10793
File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl
2010-07-30 Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2
File : nvt/gb_ubuntu_USN_957_2.nasl
2010-07-30 Name : Fedora Update for mingw32-libpng FEDORA-2010-10776
File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl
2010-07-30 Name : Fedora Update for xulrunner FEDORA-2010-11472
File : nvt/gb_fedora_2010_11472_xulrunner_fc13.nasl
2010-07-30 Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-930-6
File : nvt/gb_ubuntu_USN_930_6.nasl
2010-07-30 Name : Fedora Update for xulrunner FEDORA-2010-11452
File : nvt/gb_fedora_2010_11452_xulrunner_fc12.nasl
2010-07-30 Name : Ubuntu Update for thunderbird vulnerabilities USN-958-1
File : nvt/gb_ubuntu_USN_958_1.nasl
2010-07-26 Name : Ubuntu Update USN-930-5
File : nvt/gb_ubuntu_USN_930_5.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilitie july-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul10.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilitie jul-10 (Win)
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul10.nasl
2010-07-26 Name : Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_jul10.nasl
2010-07-26 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4
File : nvt/gb_ubuntu_USN_930_4.nasl
2010-07-26 Name : RedHat Update for firefox RHSA-2010:0558-01
File : nvt/gb_RHSA-2010_0558-01_firefox.nasl
2010-07-26 Name : RedHat Update for seamonkey RHSA-2010:0557-01
File : nvt/gb_RHSA-2010_0557-01_seamonkey.nasl
2010-07-26 Name : RedHat Update for firefox RHSA-2010:0556-01
File : nvt/gb_RHSA-2010_0556-01_firefox.nasl
2010-07-26 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1
File : nvt/gb_ubuntu_USN_957_1.nasl
2010-07-23 Name : Fedora Update for thunderbird FEDORA-2010-11361
File : nvt/gb_fedora_2010_11361_thunderbird_fc12.nasl
2010-07-23 Name : Fedora Update for thunderbird FEDORA-2010-11379
File : nvt/gb_fedora_2010_11379_thunderbird_fc13.nasl
2010-07-23 Name : Fedora Update for sunbird FEDORA-2010-11379
File : nvt/gb_fedora_2010_11379_sunbird_fc13.nasl
2010-07-23 Name : Fedora Update for xulrunner FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_xulrunner_fc12.nasl
2010-07-23 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_perl-Gtk2-MozEmbed_fc12.nasl
2010-07-23 Name : Fedora Update for gnome-web-photo FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_gnome-web-photo_fc12.nasl
2010-07-23 Name : RedHat Update for thunderbird RHSA-2010:0544-01
File : nvt/gb_RHSA-2010_0544-01_thunderbird.nasl
2010-07-23 Name : RedHat Update for seamonkey RHSA-2010:0546-01
File : nvt/gb_RHSA-2010_0546-01_seamonkey.nasl
2010-07-23 Name : RedHat Update for firefox RHSA-2010:0547-01
File : nvt/gb_RHSA-2010_0547-01_firefox.nasl
2010-07-23 Name : Fedora Update for libpng10 FEDORA-2010-10823
File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl
2010-07-23 Name : Fedora Update for libpng10 FEDORA-2010-10833
File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl
2010-07-23 Name : Fedora Update for seamonkey FEDORA-2010-11327
File : nvt/gb_fedora_2010_11327_seamonkey_fc13.nasl
2010-07-23 Name : Fedora Update for firefox FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_firefox_fc13.nasl
2010-07-23 Name : Fedora Update for galeon FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_galeon_fc13.nasl
2010-07-23 Name : Fedora Update for gnome-python2-extras FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_gnome-python2-extras_fc13.nasl
2010-07-23 Name : Fedora Update for gnome-web-photo FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_gnome-web-photo_fc13.nasl
2010-07-23 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_perl-Gtk2-MozEmbed_fc13.nasl
2010-07-23 Name : Fedora Update for mozvoikko FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_mozvoikko_fc12.nasl
2010-07-23 Name : Fedora Update for gnome-python2-extras FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_gnome-python2-extras_fc12.nasl
2010-07-23 Name : Fedora Update for galeon FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_galeon_fc12.nasl
2010-07-23 Name : Fedora Update for firefox FEDORA-2010-11375
File : nvt/gb_fedora_2010_11375_firefox_fc12.nasl
2010-07-23 Name : Fedora Update for seamonkey FEDORA-2010-11363
File : nvt/gb_fedora_2010_11363_seamonkey_fc12.nasl
2010-07-23 Name : Fedora Update for sunbird FEDORA-2010-11361
File : nvt/gb_fedora_2010_11361_sunbird_fc12.nasl
2010-07-23 Name : Fedora Update for xulrunner FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_xulrunner_fc13.nasl
2010-07-23 Name : Fedora Update for mozvoikko FEDORA-2010-11345
File : nvt/gb_fedora_2010_11345_mozvoikko_fc13.nasl
2010-07-16 Name : Mandriva Update for libpng MDVSA-2010:133 (libpng)
File : nvt/gb_mandriva_MDVSA_2010_133.nasl
2010-07-16 Name : RedHat Update for libpng RHSA-2010:0534-01
File : nvt/gb_RHSA-2010_0534-01_libpng.nasl
2010-07-12 Name : Ubuntu Update for libpng vulnerabilities USN-960-1
File : nvt/gb_ubuntu_USN_960_1.nasl
2010-07-06 Name : Fedora Update for libpng FEDORA-2010-10592
File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl
2010-07-06 Name : FreeBSD Ports: png
File : nvt/freebsd_png4.nasl
2010-07-02 Name : Fedora Update for libpng FEDORA-2010-10557
File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl
2010-07-02 Name : Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Win)
File : nvt/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl
2010-04-30 Name : Mandriva Update for gdm MDVA-2010:133 (gdm)
File : nvt/gb_mandriva_MDVA_2010_133.nasl
2010-02-22 Name : Firefox Multiple Vulnerabilities Feb-10 (Linux)
File : nvt/secpod_firefox_mult_vuln_feb10_lin.nasl
2010-02-22 Name : Firefox Multiple Vulnerabilities Feb-10 (Win)
File : nvt/secpod_firefox_mult_vuln_feb10_win.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-180-01 libpng
File : nvt/esoft_slk_ssa_2010_180_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
66786 Mozilla Firefox layout/generic/nsObjectFrame.cpp Plugin Instance Parameter Ar...

66605 Mozilla Multiple Products Unspecified Memory Corruption (2010-1211)

66604 Mozilla Multiple Products Browser Engine js/src/jstracer.cpp Memory Corruptio...

66603 Mozilla Multiple Products SJOW Arbitrary Javascript Execution

66602 Mozilla Multiple Products nsCSSValue::Array Overflow

66601 Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow

66600 Mozilla Multiple Products PNG File Handling Overflow

66599 Mozilla Multiple Products importScripts Web Worker Method Cross-origin Data D...

66598 Mozilla Multiple Products Canvas Context Same-Origin Bypass

66597 Mozilla Multiple Products intl/uconv/util/nsUnicodeDecodeHelper.cpp 8-bit Cha...

66596 Mozilla Multiple Products CSS Selector Cross-Domain Information Disclosure

66595 Mozilla Multiple Products Script Error Cross-origin Data Leakage

66594 Mozilla Multiple Browsers EnsureCachedAttrParamArrays Overflow

66593 Mozilla Multiple Browsers DOM Attribute Cloning Arbitrary Code Execution

66592 Mozilla Multiple Browsers NodeIterator Interface Javascript Callback Use-Afte...

66591 Mozilla Multiple Browsers HTTP 204 Location Bar Spoofing

66590 Mozilla Multiple Browsers docshell/base/nsDocShell.cpp nsDocShell::OnRedirect...

65852 libpng pngpread.c PNG Image Data Height Overflow

65736 Mozilla Firefox browser/base/content/browser.js startDocumentLoad Function Sa...

62464 Mozilla Firefox CSS Stylesheet Cross-origin Information Disclosure

Snort® IPS/IDS

Date Description
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52307 - Revision : 1 - Type : FILE-IMAGE
2019-12-24 Mutiple products libpng extra row heap overflow attempt
RuleID : 52306 - Revision : 1 - Type : FILE-IMAGE
2014-05-08 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 30486 - Revision : 2 - Type : BROWSER-FIREFOX
2014-05-08 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 30485 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Products nsCSSValue Array Index Integer Overflow
RuleID : 19321 - Revision : 11 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla EnsureCachedAttrParamArrays integer overflow attempt
RuleID : 18809 - Revision : 13 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
RuleID : 17154 - Revision : 14 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
RuleID : 17153 - Revision : 14 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-100727.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-100722.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-100721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0556.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0557.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0558.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100720_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100720_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100720_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100720_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-08-11 Name : The remote Windows host has an application that is affected by multiple vulne...
File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2011-03-10 Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote host contains an application that has multiple vulnerabilities.
File : itunes_10_2.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote host contains a multimedia application that has multiple vulnerabi...
File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100921.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-100917.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7101.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO
2010-09-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-100917.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-173.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12642.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-975-1.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-978-1.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO
2010-09-03 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-169.nasl - Type : ACT_GATHER_INFO
2010-08-24 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2010-08-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-147.nasl - Type : ACT_GATHER_INFO
2010-08-10 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c2eac2b59a7d11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0558.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO
2010-07-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2075.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0556.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0557.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0556.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0557.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0558.nasl - Type : ACT_GATHER_INFO
2010-07-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11452.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11472.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-100721.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-6.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-957-2.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Windows host contains a web browser that may allow execution of re...
File : mozilla_firefox_368.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-957-1.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11327.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11345.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11361.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11363.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11375.nasl - Type : ACT_GATHER_INFO
2010-07-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-11379.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3511.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_367.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_306.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_311.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_206.nasl - Type : ACT_GATHER_INFO
2010-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO
2010-07-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO
2010-07-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO
2010-06-29 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:06:55
  • Multiple Updates