9.3 - VU#879056

Executive Summary

Summary
Title	Mozilla browsers fail to properly handle images

Informations
Name	VU#879056	First vendor Publication	2008-02-11
Vendor	VU-CERT	Last vendor Modification	2008-02-11
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#879056

Mozilla browsers fail to properly handle images

Overview

A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service.

I. Description

Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling malicious image files when a user leaves a page with designMode frames. According to the Mozilla Foundation Security Advisory 2008-06:

The reported issue can be used to steal a user's navigation history, forward navigation information, and crash the user's browser. The crash showed evidence of memory corruption and might be exploitable to run arbitrary code.

Note that JavaScript must be enabled in order for this vulnerability to exist. JavaScript is enabled by default in the Firefox and Mozilla web browsers. Exploitation can occur by accessing a specially crafted web page with Firefox.

II. Impact

A remote, unauthorized attacker may be able to view browser history information or cause a denial of service.

III. Solution

Apply an update

According to the Mozilla Foundation Security Advisory 2008-06 this vulnerability is addressed in Firefox 2.0.0.12 and SeaMonkey 1.1.8

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

Use NoScript

Using the Mozilla Firefox NoScript extension to whitelist web sites that can run scripts and access installed plugins will mitigate this vulnerability.

Systems Affected

Vendor	Status	Date Updated
Mozilla	Vulnerable	11-Feb-2008

References

http://www.mozilla.org/security/announce/2008/mfsa2008-06.html
https://bugzilla.mozilla.org/show_bug.cgi?id=400556

Credit

This vulnerability is addressed in Mozilla Foundation Security Advisory 2008-06. Mozilla credits David Bloom for reporting this issue.

This document was written by Chris Taschner.

Other Information

Date Public	02/07/2008
Date First Published	02/11/2008 08:11:32 AM
Date Last Updated	02/11/2008
CERT Advisory
CVE Name	CVE-2008-0419
US-CERT Technical Alerts
Metric	5.94
Document Revision	21

Original Source

Url : http://www.kb.cert.org/vuls/id/879056

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11652

Oval ID:	oval:org.mitre.oval:def:11652
Title:	Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
Description:	Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-0419	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.9.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.9.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.9.el3 AND seamonkey is earlier than 0:1.0.9-0.9.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.9.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.9.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.9.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.9.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.9.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.9.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-9.el4 AND seamonkey-js-debugger is earlier than 0:1.0.9-9.el4 AND thunderbird is earlier than 0:1.5.0.12-8.el4 AND seamonkey-nss-devel is earlier than 0:1.0.9-9.el4 AND seamonkey is earlier than 0:1.0.9-9.el4 AND seamonkey-nspr-devel is earlier than 0:1.0.9-9.el4 AND firefox is earlier than 0:1.5.0.12-0.10.el4 AND seamonkey-mail is earlier than 0:1.0.9-9.el4 AND seamonkey-chat is earlier than 0:1.0.9-9.el4 AND seamonkey-nss is earlier than 0:1.0.9-9.el4 AND seamonkey-devel is earlier than 0:1.0.9-9.el4 AND seamonkey-dom-inspector is earlier than 0:1.0.9-9.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section firefox-devel is earlier than 0:1.5.0.12-9.el5 AND firefox is earlier than 0:1.5.0.12-9.el5 AND thunderbird is earlier than 0:1.5.0.12-8.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0:::::::* cpe:2.3:a:mozilla:firefox:2.0:beta1:::::: cpe:2.3:a:mozilla:firefox:2.0:beta_1:::::: cpe:2.3:a:mozilla:firefox:2.0:rc3:::::: cpe:2.3:a:mozilla:firefox:2.0:rc2:::::: cpe:2.3:a:mozilla:firefox:2.0:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:1.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:-:::::: cpe:2.3:a:mozilla:firefox:1.5:beta2:::::: cpe:2.3:a:mozilla:firefox:1.5:beta1:::::: cpe:2.3:a:mozilla:firefox:1.4.1:::::::* cpe:2.3:a:mozilla:firefox:1.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.0.6::linux::::: cpe:2.3:a:mozilla:firefox:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:1.0:-:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::::x86:* cpe:2.3:a:mozilla:firefox::::::x86::* cpe:2.3:a:mozilla:firefox::::::iphone_os::* cpe:2.3:a:mozilla:firefox::::::-::* cpe:2.3:a:mozilla:firefox::::::android::* cpe:2.3:a:mozilla:firefox:::::android:::* cpe:2.3:a:mozilla:firefox:-:::::::* cpe:2.3:a:mozilla:firefox:-:::::iphone_os::	103
Application	Mozilla Seamonkey cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:::::: cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:beta:::::: cpe:2.3:a:mozilla:seamonkey:1.1:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.0:beta:::::: cpe:2.3:a:mozilla:seamonkey:1.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.0::dev::::: cpe:2.3:a:mozilla:seamonkey:1.0::alpha::::: cpe:2.3:a:mozilla:seamonkey:1.0::beta::::: cpe:2.3:a:mozilla:seamonkey:::::::: cpe:2.3:a:mozilla:seamonkey:-:::::::*	29

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Mozilla File : nvt/sles9p5021982.nasl
2009-04-09	Name : Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_048.nasl
2009-03-23	Name : Ubuntu Update for firefox vulnerabilities USN-576-1 File : nvt/gb_ubuntu_USN_576_1.nasl
2009-03-06	Name : RedHat Update for thunderbird RHSA-2008:0105-02 File : nvt/gb_RHSA-2008_0105-02_thunderbird.nasl
2009-03-06	Name : RedHat Update for thunderbird RHSA-2008:0105-01 File : nvt/gb_RHSA-2008_0105-01_thunderbird.nasl
2009-03-06	Name : RedHat Update for seamonkey RHSA-2008:0104-01 File : nvt/gb_RHSA-2008_0104-01_seamonkey.nasl
2009-03-06	Name : RedHat Update for firefox RHSA-2008:0103-01 File : nvt/gb_RHSA-2008_0103-01_firefox.nasl
2009-02-27	Name : CentOS Update for thunderbird CESA-2008:0105 centos5 i386 File : nvt/gb_CESA-2008_0105_thunderbird_centos5_i386.nasl
2009-02-27	Name : CentOS Update for thunderbird CESA-2008:0105 centos5 x86_64 File : nvt/gb_CESA-2008_0105_thunderbird_centos5_x86_64.nasl
2009-02-27	Name : CentOS Update for thunderbird CESA-2008:0105 centos4 x86_64 File : nvt/gb_CESA-2008_0105_thunderbird_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for thunderbird CESA-2008:0105 centos4 i386 File : nvt/gb_CESA-2008_0105_thunderbird_centos4_i386.nasl
2009-02-27	Name : CentOS Update for seamonkey CESA-2008:0104 centos4 x86_64 File : nvt/gb_CESA-2008_0104_seamonkey_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for seamonkey CESA-2008:0104 centos4 i386 File : nvt/gb_CESA-2008_0104_seamonkey_centos4_i386.nasl
2009-02-27	Name : CentOS Update for seamonkey CESA-2008:0104 centos3 x86_64 File : nvt/gb_CESA-2008_0104_seamonkey_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for seamonkey CESA-2008:0104-01 centos2 i386 File : nvt/gb_CESA-2008_0104-01_seamonkey_centos2_i386.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos3 i386 File : nvt/gb_CESA-2008_0103_firefox_centos3_i386.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos3 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for seamonkey CESA-2008:0104 centos3 i386 File : nvt/gb_CESA-2008_0104_seamonkey_centos3_i386.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos4 i386 File : nvt/gb_CESA-2008_0103_firefox_centos4_i386.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos4 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos5 i386 File : nvt/gb_CESA-2008_0103_firefox_centos5_i386.nasl
2009-02-27	Name : CentOS Update for firefox CESA-2008:0103 centos5 x86_64 File : nvt/gb_CESA-2008_0103_firefox_centos5_x86_64.nasl
2009-02-16	Name : Fedora Update for blam FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_blam_fc8.nasl
2009-02-16	Name : Fedora Update for chmsee FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_chmsee_fc8.nasl
2009-02-16	Name : Fedora Update for devhelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_devhelp_fc8.nasl
2009-02-16	Name : Fedora Update for epiphany-extensions FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany-extensions_fc8.nasl
2009-02-16	Name : Fedora Update for epiphany FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany_fc8.nasl
2009-02-16	Name : Fedora Update for firefox FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_firefox_fc8.nasl
2009-02-16	Name : Fedora Update for galeon FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_galeon_fc8.nasl
2009-02-16	Name : Fedora Update for gnome-python2-extras FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-python2-extras_fc8.nasl
2009-02-16	Name : Fedora Update for gnome-web-photo FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-web-photo_fc8.nasl
2009-02-16	Name : Fedora Update for gtkmozembedmm FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gtkmozembedmm_fc8.nasl
2009-02-16	Name : Fedora Update for kazehakase FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_kazehakase_fc8.nasl
2009-02-16	Name : Fedora Update for liferea FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_liferea_fc8.nasl
2009-02-16	Name : Fedora Update for openvrml FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_openvrml_fc8.nasl
2009-02-16	Name : Fedora Update for ruby-gnome2 FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_ruby-gnome2_fc8.nasl
2009-02-16	Name : Fedora Update for yelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_yelp_fc8.nasl
2009-02-16	Name : Fedora Update for thunderbird FEDORA-2008-2118 File : nvt/gb_fedora_2008_2118_thunderbird_fc7.nasl
2009-02-16	Name : Fedora Update for thunderbird FEDORA-2008-2060 File : nvt/gb_fedora_2008_2060_thunderbird_fc8.nasl
2009-02-16	Name : Fedora Update for seamonkey FEDORA-2008-1669 File : nvt/gb_fedora_2008_1669_seamonkey_fc7.nasl
2009-02-16	Name : Fedora Update for galeon FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_galeon_fc7.nasl
2009-02-16	Name : Fedora Update for seamonkey FEDORA-2008-1459 File : nvt/gb_fedora_2008_1459_seamonkey_fc8.nasl
2009-02-16	Name : Fedora Update for Miro FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_Miro_fc7.nasl
2009-02-16	Name : Fedora Update for chmsee FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_chmsee_fc7.nasl
2009-02-16	Name : Fedora Update for devhelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_devhelp_fc7.nasl
2009-02-16	Name : Fedora Update for epiphany-extensions FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany-extensions_fc7.nasl
2009-02-16	Name : Fedora Update for epiphany FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany_fc7.nasl
2009-02-16	Name : Fedora Update for firefox FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_firefox_fc7.nasl
2009-02-16	Name : Fedora Update for gnome-python2-extras FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gnome-python2-extras_fc7.nasl
2009-02-16	Name : Fedora Update for gtkmozembedmm FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gtkmozembedmm_fc7.nasl
2009-02-16	Name : Fedora Update for kazehakase FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_kazehakase_fc7.nasl
2009-02-16	Name : Fedora Update for liferea FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_liferea_fc7.nasl
2009-02-16	Name : Fedora Update for openvrml FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_openvrml_fc7.nasl
2009-02-16	Name : Fedora Update for ruby-gnome2 FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_ruby-gnome2_fc7.nasl
2009-02-16	Name : Fedora Update for yelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_yelp_fc7.nasl
2009-02-16	Name : Fedora Update for Miro FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_Miro_fc8.nasl
2009-01-23	Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008 File : nvt/gb_suse_2008_008.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox31.nasl
2008-03-27	Name : Debian Security Advisory DSA 1506-2 (iceape) File : nvt/deb_1506_2.nasl
2008-03-19	Name : Debian Security Advisory DSA 1485-2 (icedove) File : nvt/deb_1485_2.nasl
2008-02-28	Name : Debian Security Advisory DSA 1506-1 (iceape) File : nvt/deb_1506_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1484-1 (xulrunner) File : nvt/deb_1484_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1489-1 (iceweasel) File : nvt/deb_1489_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1485-1 (icedove) File : nvt/deb_1485_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
41218	Mozilla Multiple Browsers designMode Frame Forward Navigation Information Dis... Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0105.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0104.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0103.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20080207_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080207_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080207_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-048.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO
2008-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5118.nasl - Type : ACT_GATHER_INFO
2008-03-28	Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5123.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote openSUSE host is missing a security update. File : suse_epiphany-5102.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5095.nasl - Type : ACT_GATHER_INFO
2008-03-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5098.nasl - Type : ACT_GATHER_INFO
2008-02-29	Name : The remote Fedora host is missing a security update. File : fedora_2008-2060.nasl - Type : ACT_GATHER_INFO
2008-02-29	Name : The remote Fedora host is missing a security update. File : fedora_2008-2118.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_810a5197e0d911dc891a02061b08fc24.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1506.nasl - Type : ACT_GATHER_INFO
2008-02-22	Name : The remote Windows host contains a web browser that is affected by multiple v... File : netscape_browser_9006.nasl - Type : ACT_GATHER_INFO
2008-02-18	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5012.nasl - Type : ACT_GATHER_INFO
2008-02-18	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5011.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1535.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5001.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5002.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1435.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-1669.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-1459.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-576-1.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0105.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1489.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1485.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1484.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0105.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO
2008-02-08	Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_118.nasl - Type : ACT_GATHER_INFO
2008-02-08	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20012.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	132
osvdb(s)	1
Openvas Exploit(s)	65
Nessus® Exploit(s)	38

	Related
9.3	SUN-238492
9.3	CVE-2008-0419
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)