ID CVE-2008-0017
Summary The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
References
Vulnerable Configurations
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:-:alpha
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:-:beta
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 7.10
    cpe:2.3:o:canonical:ubuntu_linux:7.10
  • Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:8.04:-:-:-:lts
  • Canonical Ubuntu Linux 8.10
    cpe:2.3:o:canonical:ubuntu_linux:8.10
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
CVSS
Base: 9.3 (as of 13-11-2008 - 13:21)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5826.NASL
    description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. (CVE-2008-5013 / MFSA 2008-49) CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. - Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. (CVE-2008-5015 / MFSA 2008-51) - The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. (CVE-2008-5016 / MFSA 2008-52) - Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. (CVE-2008-5017 / MFSA 2008-52) - The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. (CVE-2008-5018 / MFSA 2008-52) - The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. (CVE-2008-5022 / MFSA 2008-56) - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. (CVE-2008-5023 / MFSA 2008-57) - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. (CVE-2008-5024 / MFSA 2008-58) - The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA 2008-52) This update also changes a previous security fix that removed functionality required by customers. This issue was MFSA 2007-34 'Possible file stealing through sftp protocol', where the fix just disabled sftp:// and smb:// blindly. Those protocols can now reenabled selectively by changing the gconf property /apps/firefox/general/allowed_indirect_gnomevfs_loads to include smb:,sftp :
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41465
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41465
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F29FEA8FB19F11DDA55E00163E000016.NASL
    description The Mozilla Foundation reports : MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation MFSA 2008-55 Crash and remote code execution in nsFrameManager MFSA 2008-54 Buffer overflow in http-index-format parser MFSA 2008-53 XSS and JavaScript privilege escalation via session restore MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome MFSA 2008-50 Crash and remote code execution via __proto__ tampering MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading MFSA 2008-48 Image stealing via canvas and HTTP redirect MFSA 2008-47 Information stealing via local shortcut files MFSA 2008-46 Heap overflow when canceling newsgroup message MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 UTF-8 URL stack-based buffer overflow
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 34771
    published 2008-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34771
    title FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-667-1.NASL
    description Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user's cache. (CVE-2008-4582) Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. This issue only affects Firefox 2. (CVE-2008-5012) It was discovered that Firefox did not properly check if the Flash module was properly unloaded. By tricking a user into opening a crafted SWF file, an attacker could cause Firefox to crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5013) Jesse Ruderman discovered that Firefox did not properly guard locks on non-native objects. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. This issue only affects Firefox 2. (CVE-2008-5014) Luke Bryan discovered that Firefox sometimes opened file URIs with chrome privileges. If a user saved malicious code locally, then opened the file in the same tab as a privileged document, an attacker could run arbitrary JavaScript code with chrome privileges. This issue only affects Firefox 3.0. (CVE-2008-5015) Several problems were discovered in the browser, layout and JavaScript engines. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5016, CVE-2008-5017, CVE-2008-5018) David Bloom discovered that the same-origin check in Firefox could be bypassed by utilizing the session restore feature. An attacker could exploit this to run JavaScript in the context of another site or execute arbitrary JavaScript code with chrome privileges. (CVE-2008-5019) Justin Schuh discovered a flaw in Firefox's mime-type parsing. If a user were tricked into opening a malicious website, an attacker could send a crafted header in the HTTP index response, causing a browser crash and execute arbitrary code with user privileges. (CVE-2008-0017) A flaw was discovered in Firefox's DOM constructing code. If a user were tricked into opening a malicious website, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. (CVE-2008-5021) It was discovered that the same-origin check in Firefox could be bypassed. If a user were tricked into opening a malicious website, an attacker could execute JavaScript in the context of a different website. (CVE-2008-5022) Collin Jackson discovered various flaws in Firefox when processing stylesheets which allowed JavaScript to be injected into signed JAR files. If a user were tricked into opening malicious web content, an attacker could execute arbitrary code with the privileges of the signed JAR or of a different website. (CVE-2008-5023) Chris Evans discovered that Firefox did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. (CVE-2008-5024). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36711
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36711
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1697.NASL
    description Several remote vulnerabilities have been discovered in Iceape an unbranded version of the SeaMonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) - CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) - CVE-2008-2800 'moz_bug_r_a4' discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) - CVE-2008-2801 Collin Jackson and Adam Barth discovered that JavaScript code could be executed in the context or signed JAR archives. (MFSA 2008-23) - CVE-2008-2802 'moz_bug_r_a4' discovered that XUL documements can escalate privileges by accessing the pre-compiled 'fastload' file. (MFSA 2008-24) - CVE-2008-2803 'moz_bug_r_a4' discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) - CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious websites to force the browser to upload local files to the server, which could lead to information disclosure. (MFSA 2008-27) - CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) - CVE-2008-2808 Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) - CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. (MFSA 2008-31) - CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) - CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) - CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) - CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) - CVE-2008-3836 'moz_bug_r_a4' discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) - CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) - CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) - CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) - CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) - CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) - CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) - CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) - CVE-2008-4067 Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) - CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) - CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) - CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) - CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) - CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) - CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) - CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) - CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) - CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) - CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) - CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) - CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) - CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) - CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) - CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) - CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) - CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an 'unloaded document.' (MFSA 2008-68) - CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35314
    published 2009-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35314
    title Debian DSA-1697-1 : iceape - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5786.NASL
    description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. (CVE-2008-5013 / MFSA 2008-49) CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. - Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. (CVE-2008-5015 / MFSA 2008-51) - The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. (CVE-2008-5016 / MFSA 2008-52) - Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. (CVE-2008-5017 / MFSA 2008-52) - The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. (CVE-2008-5018 / MFSA 2008-52) - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. (CVE-2008-5021 / MFSA 2008-55) - The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. (CVE-2008-5022 / MFSA 2008-56) - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. (CVE-2008-5023 / MFSA 2008-57) - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. (CVE-2008-5024 / MFSA 2008-58) - The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA 2008-52)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34941
    published 2008-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34941
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786)
  • NASL family Windows
    NASL id SEAMONKEY_1113.NASL
    description The installed version of SeaMonkey is earlier than 1.1.13. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47) - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48) - Arbitrary code execution is possible via Flash Player dynamic module unloading. (MFSA 2008-49) - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non- native object, leading to a crash and possible code execution. (MFSA 2008-50) - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52) - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54) - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55) - The same-origin check in 'nsXMLHttpRequest::NotifyEventListeners()' can be bypassed. (MFSA 2008-56) - The '-moz-binding' CSS property can be used to bypass security checks which validate codebase principals. (MFSA 2008-57) - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58) - Scripts in a malicous mail message can access the .document URI and .textContext. DOM properties. (MFSA 2008-59)
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 34768
    published 2008-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34768
    title SeaMonkey < 1.1.13 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-081124.NASL
    description This update brings the Mozilla Firefox browser to version 3.0.4. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5015 / MFSA 2008-51 : Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 39884
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39884
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-334)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_20018.NASL
    description The installed version of Firefox is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47) - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48) - Arbitrary code execution is possible via Flash Player dynamic module unloading. (MFSA 2008-49) - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non- native object, leading to a crash and possible code execution. (MFSA 2008-50) - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52) - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53) - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54) - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55) - The same-origin check in 'nsXMLHttpRequest::NotifyEventListeners()' can be bypassed. (MFSA 2008-56) - The '-moz-binding' CSS property can be used to bypass security checks which validate codebase principals. (MFSA 2008-57) - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 34766
    published 2008-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34766
    title Firefox < 2.0.0.18 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5812.NASL
    description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5015 / MFSA 2008-51 : Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34957
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34957
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0978.NASL
    description From Red Hat Security Advisory 2008:0978 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67766
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67766
    title Oracle Linux 5 : firefox (ELSA-2008-0978)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0978.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43715
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43715
    title CentOS 4 / 5 : firefox (CESA-2008:0978)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081112_FIREFOX_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60494
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60494
    title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER181-5820.NASL
    description This update backports security fixes to the Mozilla XULRunner engine. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34960
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34960
    title openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GECKO-SDK-5813.NASL
    description This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. (CVE-2008-5013 / MFSA 2008-49) - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. (CVE-2008-5014 / MFSA 2008-50) - The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. (CVE-2008-5016 / MFSA 2008-52) - Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. (CVE-2008-5017 / MFSA 2008-52) - The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. (CVE-2008-5018 / MFSA 2008-52) - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. (CVE-2008-5021 / MFSA 2008-55) - The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. (CVE-2008-5022 / MFSA 2008-56) - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. (CVE-2008-5023 / MFSA 2008-57) - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. (CVE-2008-5024 / MFSA 2008-58) - The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA 2008-52)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41511
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41511
    title SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_304.NASL
    description The installed version of Firefox 3.0 is earlier than 3.0.4. Such versions are potentially affected by the following security issues : - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47) - 'file:' URIs are given chrome privileges when opened in the same tab as a chrome page or privileged 'about:' page, which could allow an attacker to run arbitrary JavaScript with chrome privileges. (MFSA 2008-51) - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2008-52) - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53) - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54) - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55) - The same-origin check in 'nsXMLHttpRequest::NotifyEventListeners()' can be bypassed. (MFSA 2008-56) - The '-moz-binding' CSS property can be used to bypass security checks which validate codebase principals. (MFSA 2008-57) - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 34767
    published 2008-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34767
    title Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1669.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. - CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. - CVE-2008-3836 'moz_bug_r_a4' discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. - CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. - CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. - CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. - CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling. - CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in code being executed, which were otherwise part of a quoted string. - CVE-2008-4066 Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. - CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. - CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. - CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. - CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. - CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. - CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. - CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. - CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. - CVE-2008-5018 It was discovered that crashes in the JavaScript engine could lead to arbitrary code execution. - CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. - CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. - CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. - CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. - CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34938
    published 2008-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34938
    title Debian DSA-1669-1 : xulrunner - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0977.NASL
    description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34763
    published 2008-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34763
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-5815.NASL
    description This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 34961
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34961
    title openSUSE 10 Security Update : seamonkey (seamonkey-5815)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1671.NASL
    description Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0017 Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. - CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. - CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. - CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. - CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. - CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. - CVE-2008-5018 It was discovered that crashes in the JavaScript engine could lead to arbitrary code execution. - CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. - CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. - CVE-2008-5023 Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. - CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34950
    published 2008-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34950
    title Debian DSA-1671-1 : iceweasel - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0977.NASL
    description From Red Hat Security Advisory 2008:0977 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67765
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67765
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9669.NASL
    description Updated firefox and xulrunner packages that fix various security issues are now available for Fedora Core 9. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4[1]. All firefox users and users of packages depending on xulrunner[2] should upgrade to these updated packages, which contain patches that correct these issues. [1] http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.4 [2] cairo-dock chmsee devhelp epiphany epiphany-extensions evolution-rss galeon gnome-python2-extras gnome- web-photo google-gadgets gtkmozembedmm kazehakase Miro mozvoikko mugshot ruby- gnome2 totem yelp Provides Python bindings for libgdl on PPC64. This update fixes a build break. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 34778
    published 2008-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34778
    title Fedora 9 : Miro-1.2.7-2.fc9 / cairo-dock-1.6.3.1-1.fc9.1 / chmsee-1.0.1-6.fc9 / devhelp-0.19.1-6.fc9 / etc (2008-9669)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0977.NASL
    description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36485
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36485
    title CentOS 3 / 4 : seamonkey (CESA-2008:0977)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GECKO-SDK-5811.NASL
    description This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. (CVE-2008-5013 / MFSA 2008-49) - jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. (CVE-2008-5014 / MFSA 2008-50) - The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. (CVE-2008-5016 / MFSA 2008-52) - Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. (CVE-2008-5017 / MFSA 2008-52) - The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. (CVE-2008-5018 / MFSA 2008-52) - nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. (CVE-2008-5021 / MFSA 2008-55) - The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. (CVE-2008-5022 / MFSA 2008-56) - Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. (CVE-2008-5023 / MFSA 2008-57) - Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. (CVE-2008-5024 / MFSA 2008-58) - The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. (CVE-2008-5052 / MFSA 2008-52)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 34967
    published 2008-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34967
    title SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9667.NASL
    description Updated firefox and xulrunner packages that fix various security issues are now available for Fedora Core 8. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 2.0.0.18[1]. All firefox users and users of packages depending on firefox[2] should upgrade to these updated packages, which correct these issues. [1] http://www.mozilla.org/security/known- vulnerabilities/firefox20.html#firefox2.0.0.18 [2] blam cairo-dock chmsee devhelp epiphany epiphany-extensions evolution-rss galeon gnome-python2-extras gnome-web-photo kazehakase liferea Miro openvrml ruby-gnome2 yelp Provides Python bindings for libgdl on PPC64. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 34777
    published 2008-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34777
    title Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-230.NASL
    description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4 (CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024). This update provides the latest Mozilla Firefox 3.x to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 37572
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37572
    title Mandriva Linux Security Advisory : firefox (MDVSA-2008:230)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0978.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened 'file:' URIs. If a file: URI was loaded in the same tab as a chrome or privileged 'about:' page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 34764
    published 2008-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34764
    title RHEL 4 / 5 : firefox (RHSA-2008:0978)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLA-XULRUNNER181-081122.NASL
    description This update backports security fixes to the Mozilla XULRunner engine. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50: jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52: The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40072
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40072
    title openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-228.NASL
    description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.18 (CVE-2008-0017, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052). This update provides the latest Mozilla Firefox 2.x to correct these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 37285
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37285
    title Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_SEAMONKEY-081122.NASL
    description This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40131
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40131
    title openSUSE Security Update : seamonkey (seamonkey-326)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081112_SEAMONKEY_ON_SL3_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60495
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60495
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
oval via4
accepted 2013-04-29T04:10:38.893-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
family unix
id oval:org.mitre.oval:def:11005
status accepted
submitted 2010-07-09T03:56:16-04:00
title The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0977
  • rhsa
    id RHSA-2008:0978
rpms
  • seamonkey-0:1.0.9-0.25.el3
  • seamonkey-chat-0:1.0.9-0.25.el3
  • seamonkey-devel-0:1.0.9-0.25.el3
  • seamonkey-dom-inspector-0:1.0.9-0.25.el3
  • seamonkey-js-debugger-0:1.0.9-0.25.el3
  • seamonkey-mail-0:1.0.9-0.25.el3
  • seamonkey-nspr-0:1.0.9-0.25.el3
  • seamonkey-nspr-devel-0:1.0.9-0.25.el3
  • seamonkey-nss-0:1.0.9-0.25.el3
  • seamonkey-nss-devel-0:1.0.9-0.25.el3
  • seamonkey-0:1.0.9-28.el4
  • seamonkey-chat-0:1.0.9-28.el4
  • seamonkey-devel-0:1.0.9-28.el4
  • seamonkey-dom-inspector-0:1.0.9-28.el4
  • seamonkey-js-debugger-0:1.0.9-28.el4
  • seamonkey-mail-0:1.0.9-28.el4
  • firefox-0:3.0.4-1.el4
  • nss-0:3.12.1.1-3.el4
  • nss-devel-0:3.12.1.1-3.el4
  • firefox-0:3.0.4-1.el5
  • xulrunner-0:1.9.0.4-1.el5
  • xulrunner-devel-0:1.9.0.4-1.el5
  • xulrunner-devel-unstable-0:1.9.0.4-1.el5
  • nss-0:3.12.1.1-3.el5
  • nss-devel-0:3.12.1.1-3.el5
  • nss-pkcs11-devel-0:3.12.1.1-3.el5
  • nss-tools-0:3.12.1.1-3.el5
  • devhelp-0:0.12-20.el5
  • devhelp-devel-0:0.12-20.el5
  • yelp-0:2.16.0-22.el5
refmap via4
bid 32281
cert TA08-319A
confirm http://www.mozilla.org/security/announce/2008/mfsa2008-54.html
debian
  • DSA-1669
  • DSA-1671
  • DSA-1697
fedora
  • FEDORA-2008-9667
  • FEDORA-2008-9669
iss 20081113 Mozilla Unchecked Allocation Remote Code Execution
mandriva
  • MDVSA-2008:228
  • MDVSA-2008:230
misc https://bugzilla.mozilla.org/show_bug.cgi?id=443299
sectrack 1021185
secunia
  • 32684
  • 32693
  • 32694
  • 32695
  • 32713
  • 32714
  • 32721
  • 32778
  • 32845
  • 32853
  • 33433
  • 34501
sunalert 256408
suse SUSE-SA:2008:055
ubuntu USN-667-1
vupen
  • ADV-2008-3146
  • ADV-2009-0977
Last major update 30-10-2012 - 22:50
Published 13-11-2008 - 06:30
Last modified 26-10-2018 - 10:19
Back to Top