ID CVE-2008-2785
Summary Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
References
Vulnerable Configurations
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla SeaMonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla SeaMonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla SeaMonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
CVSS
Base: 9.3 (as of 20-06-2008 - 10:09)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6706.NASL
    description Updated thunderbird packages that fix several security issues are now available for Fedora 8. Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2802, CVE-2008-2803) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Thunderbird was updated to upstream version 2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33841
    published 2008-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33841
    title Fedora 8 : thunderbird-2.0.0.16-1.fc8 (2008-6706)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-626-1.NASL
    description A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33758
    published 2008-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33758
    title Ubuntu 8.04 LTS : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-626-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLATHUNDERBIRD-5599.NASL
    description Mozilla Thunderbird was updated to 2.0.0.16. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 34198
    published 2008-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34198
    title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5599)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-5600.NASL
    description SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33: Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. 
This technique could be used by an attacker to impersonate another server. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. 
This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 34201
    published 2008-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34201
    title openSUSE 10 Security Update : seamonkey (seamonkey-5600)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5449.NASL
    description MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and following security issues : MFSA 2008-34 CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. MFSA 2008-35 CVE-2008-2933: Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe symbols will open multiple tabs. This URI splitting could be used to launch privileged chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which blocks external applications from loading such URIs. This vulnerability could also be used by an attacker to launch a file: URI from the command line opening a malicious local file which could exfiltrate data from the local filesystem. Combined with a vulnerability which allows an attacker to inject code into a chrome document, the above issue could be used to run arbitrary code on a victim's computer. Such a chrome injection vulnerability was reported by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based SSL error page was not properly sanitizing inputs and could be used to run arbitrary code with chrome privileges.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33756
    published 2008-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33756
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5449)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0599.NASL
    description From Red Hat Security Advisory 2008:0599 : Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The original set of packages for Red Hat Enterprise Linux 4 were missing the seamonkey-nss and seamonkey-nspr packages. This errata was updated to add these missing packages. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785) All seamonkey users should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67728
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67728
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0599)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0598.NASL
    description From Red Hat Security Advisory 2008:0598 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67727
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67727
    title Oracle Linux 4 : firefox (ELSA-2008-0598)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-198-02.NASL
    description New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 33534
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33534
    title Slackware 11.0 / 12.0 / 12.1 / current : seamonkey (SSA:2008-198-02)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6519.NASL
    description Updated seamonkey packages that fix several security issues are now available for Fedora 9. An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash, or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785) Updated packages update SeaMonkey to upstream version 1.1.11 to address this flaw: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.11 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33543
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33543
    title Fedora 9 : seamonkey-1.1.11-1.fc9 (2008-6519)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-210-05.NASL
    description New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 33750
    published 2008-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33750
    title Slackware 10.2 / 11.0 / 12.0 / 12.1 / current : mozilla-thunderbird (SSA:2008-210-05)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0599.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The original set of packages for Red Hat Enterprise Linux 4 were missing the seamonkey-nss and seamonkey-nspr packages. This errata was updated to add these missing packages. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785) All seamonkey users should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33526
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33526
    title CentOS 3 / 4 : seamonkey (CESA-2008:0599)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1614.NASL
    description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. - CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33566
    published 2008-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33566
    title Debian DSA-1614-1 : iceweasel - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-629-1.NASL
    description Various flaws were discovered in the browser engine. If a user had JavaScript enabled and were tricked into opening a malicious web page, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2798, CVE-2008-2799) It was discovered that Thunderbird would allow non-privileged XUL documents to load chrome scripts from the fastload file if JavaScript was enabled. This could allow an attacker to execute arbitrary JavaScript code with chrome privileges. (CVE-2008-2802) A flaw was discovered in Thunderbird that allowed overwriting trusted objects via mozIJSSubScriptLoader.loadSubScript(). If a user had JavaScript enabled and was tricked into opening a malicious web page, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2803) Daniel Glazman found that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. If a user were tricked into installing a malicious add-on, Thunderbird may be able to see data from other programs. (CVE-2008-2807) John G. Myers discovered a weakness in the trust model used by Thunderbird regarding alternate names on self-signed certificates. If a user were tricked into accepting a certificate containing alternate name entries, an attacker could impersonate another server. (CVE-2008-2809) A vulnerability was discovered in the block reflow code of Thunderbird. If a user enabled JavaScript, this vulnerability could be used by an attacker to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2811) A flaw was discovered in the browser engine. A variable could be made to overflow causing Thunderbird to crash. 
If a user enabled JavaScript and was tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Mozilla developers audited the MIME handling code looking for similar vulnerabilities to the previously fixed CVE-2008-0304, and changed several function calls to use safer versions of string routines. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33587
    published 2008-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33587
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-629-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1697.NASL
    description Several remote vulnerabilities have been discovered in Iceape, an unbranded version of the SeaMonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) - CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) - CVE-2008-2800 'moz_bug_r_a4' discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) - CVE-2008-2801 Collin Jackson and Adam Barth discovered that JavaScript code could be executed in the context of signed JAR archives. (MFSA 2008-23) - CVE-2008-2802 'moz_bug_r_a4' discovered that XUL documents can escalate privileges by accessing the pre-compiled 'fastload' file. (MFSA 2008-24) - CVE-2008-2803 'moz_bug_r_a4' discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) - CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious websites to force the browser to upload local files to the server, which could lead to information disclosure. 
(MFSA 2008-27) - CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) - CVE-2008-2808 Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) - CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. (MFSA 2008-31) - CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) - CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) - CVE-2008-2933 Billy Rios discovered that passing a URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) - CVE-2008-3835 'moz_bug_r_a4' discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) - CVE-2008-3836 'moz_bug_r_a4' discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) - CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) - CVE-2008-4058 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) - CVE-2008-4059 'moz_bug_r_a4' discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) - CVE-2008-4060 Olli Pettay and 'moz_bug_r_a4' discovered a Chrome privilege escalation vulnerability in XSLT handling.
(MFSA 2008-41) - CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) - CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) - CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from JavaScript code before execution, which can result in the execution of code that was otherwise part of a quoted string. (MFSA 2008-43) - CVE-2008-4067 Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) - CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) - CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) - CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) - CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evans discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) - CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) - CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) - CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) - CVE-2008-0017 Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) - CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code.
(MFSA 2008-55) - CVE-2008-5022 'moz_bug_r_a4' discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) - CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) - CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) - CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) - CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensitive data via an XMLHttpRequest. (MFSA 2008-64) - CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensitive data via a JavaScript URL. (MFSA 2008-65) - CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespace or control characters. (MFSA 2008-66) - CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an 'unloaded document.' (MFSA 2008-68) - CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35314
    published 2009-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35314
    title Debian DSA-1697-1 : iceape - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0597.NASL
    description Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The nspluginwrapper package has been added to this advisory to satisfy a missing package dependency issue. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to these updated packages, which contain Firefox 3.0.1 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43699
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43699
    title CentOS 5 : firefox (CESA-2008:0597)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0597.NASL
    description Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The nspluginwrapper package has been added to this advisory to satisfy a missing package dependency issue. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to these updated packages, which contain Firefox 3.0.1 that corrects these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33528
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33528
    title RHEL 5 : firefox (RHSA-2008:0597)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_SEAMONKEY-080912.NASL
    description SeaMonkey was updated to version 1.1.11. Problems fixed in the 1.1.11 update: CVE-2008-2785 MFSA 2008-34: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's internal CSSValue array data structure. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. Problems fixed in the 1.1.10 update: CVE-2008-2811 MFSA 2008-33: Security research firm Astabis reported a vulnerability in Firefox 2 submitted through the iSIGHT Partners GVP Program by Greg McManus, Primary GVP Researcher. The reported crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer. CVE-2008-2810 MFSA-2008-32: Mozilla community member Geoff reported a vulnerability in the way Mozilla opens URL files sent directly to the browser. He demonstrated that such files were opened with local file privileges, giving the remote content access to read from the local filesystem. If a user opened a bookmark to a malicious page in this manner, the page could potentially read from other local files on the user's computer. CVE-2008-2809 MFSA-2008-31: Mozilla developer John G. Myers reported a weakness in the trust model used by Mozilla regarding alternate names on self-signed certificates. A user could be prompted to accept a self-signed certificate from a website which includes alt-name entries. If the user accepted the certificate, they would also extend trust to any alternate domains listed in the certificate, despite not being prompted about the additional domains. 
This technique could be used by an attacker to impersonate another server. CVE-2008-2808 MFSA-2008-30: Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the browser altogether. CVE-2008-2807 MFSA-2008-29: Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data from other programs being exposed in the browser. CVE-2008-2806 MFSA-2008-28: Security researcher Gregory Fleischer reported a vulnerability in the way Mozilla indicates the origin of a document to the Java plugin. This vulnerability could allow a malicious Java applet to bypass the same-origin policy and create arbitrary socket connections to other domains. CVE-2008-2805 MFSA-2008-27: Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal arbitrary files from a victim's computer. MFSA-2008-26: As a follow-up to vulnerability reported in MFSA 2008-12 Mozilla has checked similar constructs in the rest of the MIME handling code. Although no further buffer overflows were found we changed several function calls to use safer versions of the string routines that will be more robust in the face of future code changes. CVE-2008-2803 MFSA-2008-25: Mozilla contributor moz_bug_r_a4 reported a vulnerability which allows arbitrary JavaScript to be executed with chrome privileges. The privilege escalation was possible because JavaScript loaded via mozIJSSubScriptLoader.loadSubScript() was not using XPCNativeWrappers when accessing content. 
This could allow an attacker to overwrite trusted objects with arbitrary code which would be executed with chrome privileges when the trusted objects were called by the browser. CVE-2008-2802 MFSA-2008-24: Mozilla contributor moz_bug_r_a4 reported a vulnerability that allowed non-privileged XUL documents to load chrome scripts from the fastload file. This could allow an attacker to run arbitrary JavaScript code with chrome privileges. CVE-2008-2801 MFSA-2008-23: Security researcher Collin Jackson reported a series of vulnerabilities which allow JavaScript to be injected into signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website. CVE-2008-2800 MFSA-2008-22: Mozilla contributor moz_bug_r_a4 submitted a set of vulnerabilities which allow scripts from one document to be executed in the context of a different document. These vulnerabilities could be used by an attacker to violate the same-origin policy and perform an XSS attack. CVE-2008-2798 CVE-2008-2799 MFSA-2008-21: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40129
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40129
    title openSUSE Security Update : seamonkey (seamonkey-193)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0597.NASL
    description From Red Hat Security Advisory 2008:0597 : Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The nspluginwrapper package has been added to this advisory to satisfy a missing package dependency issue. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to these updated packages, which contain Firefox 3.0.1 that corrects these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67726
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67726
    title Oracle Linux 5 : firefox (ELSA-2008-0597)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200808-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200808-03 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS object reference counter, leading to a counter overflow and a free() of in-use memory (CVE-2008-2785). Igor Bukanov, Jesse Ruderman and Gary Kwong reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-2799). Devon Hubbard, Jesse Ruderman, and Martijn Wargers reported crashes in the layout engine, possibly triggering memory corruption (CVE-2008-2798). moz_bug_r_a4 reported that XUL documents that include a script from a chrome: URI that points to a fastload file would be executed with the privileges specified in the file (CVE-2008-2802). moz_bug_r_a4 reported that the mozIJSSubScriptLoader.LoadScript() function only applies XPCNativeWrappers to scripts loaded from standard 'chrome:' URIs, which could be the case in third-party add-ons (CVE-2008-2803). Astabis reported a crash in the block reflow implementation related to large images (CVE-2008-2811). John G. Myers, Frank Benkstein and Nils Toedtmann reported a weakness in the trust model used by Mozilla, that when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, the certificate is also regarded as accepted for all domain names in subjectAltName:dNSName fields (CVE-2008-2809). The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: moz_bug_r_a4 reported that the Same Origin Policy is not properly enforced on JavaScript (CVE-2008-2800). Collin Jackson and Adam Barth reported that JAR signing is not properly implemented, allowing injection of JavaScript into documents within a JAR archive (CVE-2008-2801). Opera Software reported an error allowing for arbitrary local file upload (CVE-2008-2805).
Daniel Glazman reported that an invalid .properties file for an add-on might lead to the usage of uninitialized memory (CVE-2008-2807). Masahiro Yamada reported that HTML in 'file://' URLs in directory listings is not properly escaped (CVE-2008-2808). Geoff reported that the context of Windows Internet shortcut files is not correctly identified (CVE-2008-2810). The crash vulnerability (CVE-2008-1380) that was previously announced in GLSA 200805-18 is now also resolved in SeaMonkey binary ebuilds. The following vulnerability was reported in Firefox only: Billy Rios reported that the Pipe character in a command-line URI is identified as a request to open multiple tabs, allowing 'chrome' and 'file' URIs to be opened (CVE-2008-2933). Impact : A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user into uploading arbitrary files or accepting an invalid certificate for a spoofed website, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 33833
    published 2008-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33833
    title GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_301.NASL
    description The installed version of Firefox is affected by various security issues : - By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing for arbitrary code execution (MFSA 2008-34). - If Firefox is not already running, passing it a command-line URI with pipe ('|') symbols will open multiple tabs, which could be used to launch 'chrome:i' URIs from the command-line or to pass URIs to Firefox that would normally be handled by a vector application (MFSA 2008-35).
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 33522
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33522
    title Firefox 3.x < 3.0.1 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080716_SEAMONKEY_ON_SL4_X.NASL
    description An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60447
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60447
    title Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_20016.NASL
    description The installed version of Thunderbird is affected by various security issues : - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - By taking advantage of the privilege level stored in the pre-compiled 'fastload' file, an attacker may be able to run arbitrary JavaScript code with chrome privileges (MFSA 2008-24). - Arbitrary code execution is possible in 'mozIJSSubScriptLoader.loadSubScript()' (MFSA 2008-25). - Several function calls in the MIME handling code use unsafe versions of string routines (MFSA 2008-26). - An improperly encoded '.properties' file in an add-on can result in uninitialized memory being used, which could lead to data formerly used by other programs being exposed to the add-on code (MFSA 2008-29). - A weakness in the trust model regarding alt names on peer-trusted certs could lead to spoofing secure connections to any other site (MFSA 2008-31). - A crash in Mozilla's block reflow code could be used by an attacker to crash the browser and run arbitrary code on the victim's computer (MFSA 2008-33). - By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing for arbitrary code execution (MFSA 2008-34).
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 33563
    published 2008-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33563
    title Mozilla Thunderbird < 2.0.0.16 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6737.NASL
    description Updated thunderbird packages that fix several security issues are now available for Fedora 9. Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2802, CVE-2008-2803) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Thunderbird was updated to upstream version 2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird2.0.0.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33842
    published 2008-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33842
    title Fedora 9 : thunderbird-2.0.0.16-1.fc9 (2008-6737)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1621.NASL
    description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2008-2802 'moz_bug_r_a4' discovered that XUL documents can escalate privileges by accessing the pre-compiled 'fastload' file. - CVE-2008-2803 'moz_bug_r_a4' discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. - CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. - CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. - CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33741
    published 2008-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33741
    title Debian DSA-1621-1 : icedove - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080716_SEAMONKEY_ON_SL3_X.NASL
    description An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60446
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60446
    title Scientific Linux Security Update : seamonkey on SL3.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-080731.NASL
    description This update brings Mozilla Firefox to version 3.0.1. It fixes various bugs and also the following security problems : MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. MFSA 2008-35 / CVE-2008-2933: Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe symbols will open multiple tabs. This URI splitting could be used to launch privileged chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which blocks external applications from loading such URIs. This vulnerability could also be used by an attacker to launch a file: URI from the command line opening a malicious local file which could exfiltrate data from the local filesystem. Combined with a vulnerability which allows an attacker to inject code into a chrome document, the above issue could be used to run arbitrary code on a victim's computer. Such a chrome injection vulnerability was reported by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based SSL error page was not properly sanitizing inputs and could be used to run arbitrary code with chrome privileges. MFSA 2008-36 / CVE-2008-2934: Apple Security Researcher Drew Yao reported a vulnerability in Mozilla graphics code which handles GIF rendering in Mac OS X. He demonstrated that a GIF file could be specially crafted to cause the browser to free an uninitialized pointer.
An attacker could use this vulnerability to crash the browser and potentially execute arbitrary code on the victim's computer.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 39882
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39882
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-125)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0616.NASL
    description From Red Hat Security Advisory 2008:0616 : Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed HTML content was displayed. An HTML mail containing specially crafted content could, potentially, trick a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Thunderbird. An HTML mail containing malicious content could cause Thunderbird to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Thunderbird. (CVE-2008-2808) A flaw was found in the way Thunderbird displayed information about self-signed certificates. 
It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67731
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67731
    title Oracle Linux 4 : thunderbird (ELSA-2008-0616)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080723_THUNDERBIRD_ON_SL4_X.NASL
    description Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed HTML content was displayed. An HTML mail containing specially crafted content could, potentially, trick a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Thunderbird. An HTML mail containing malicious content could cause Thunderbird to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Thunderbird. (CVE-2008-2808) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60449
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60449
    title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0616.NASL
    description Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed HTML content was displayed. An HTML mail containing specially crafted content could, potentially, trick a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Thunderbird. An HTML mail containing malicious content could cause Thunderbird to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Thunderbird. (CVE-2008-2808) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43702
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43702
    title CentOS 4 / 5 : thunderbird (CESA-2008:0616)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLATHUNDERBIRD-080912.NASL
    description Mozilla Thunderbird was updated to 2.0.0.16. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39892
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39892
    title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-192)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6518.NASL
    description Updated firefox packages that fix several security issues are now available for Fedora 9. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version 3.0.1 to address these flaws: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1 This update also contains devhelp, epiphany, epiphany-extensions, and yelp packages rebuilt against new Firefox / Gecko libraries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33542
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33542
    title Fedora 9 : devhelp-0.19.1-3.fc9 / epiphany-2.22.2-3.fc9 / epiphany-extensions-2.22.1-3.fc9 / etc (2008-6518)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6517.NASL
    description Updated seamonkey packages that fix several security issues are now available for Fedora 8. An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash, or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785) Updated packages update SeaMonkey to upstream version 1.1.11 to address this flaw: http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.11 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33541
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33541
    title Fedora 8 : seamonkey-1.1.11-1.fc8 (2008-6517)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0616.NASL
    description Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed HTML content was displayed. An HTML mail containing specially crafted content could, potentially, trick a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Thunderbird. An HTML mail containing malicious content could cause Thunderbird to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Thunderbird. (CVE-2008-2808) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33571
    published 2008-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33571
    title RHEL 4 / 5 : thunderbird (RHSA-2008:0616)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-5450.NASL
    description MozillaFirefox was updated to version 2.0.0.16, which fixes various bugs and following security issues : - An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer. (MFSA 2008-34 / CVE-2008-2785) - Security researcher Billy Rios reported that if Firefox is not already running, passing it a command-line URI with pipe symbols will open multiple tabs. This URI splitting could be used to launch privileged chrome: URIs from the command-line, a partial bypass of the fix for MFSA 2005-53 which blocks external applications from loading such URIs. This vulnerability could also be used by an attacker to launch a file: URI from the command line opening a malicious local file which could exfiltrate data from the local filesystem. Combined with a vulnerability which allows an attacker to inject code into a chrome document, the above issue could be used to run arbitrary code on a victim's computer. Such a chrome injection vulnerability was reported by Mozilla developers Ben Turner and Dan Veditz who showed that a XUL based SSL error page was not properly sanitizing inputs and could be used to run arbitrary code with chrome privileges. (MFSA 2008-35 / CVE-2008-2933)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33757
    published 2008-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33757
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5450)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-155.NASL
    description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16 (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811). This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. Update : The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36242
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36242
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:155-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0598.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33525
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33525
    title CentOS 4 : firefox (CESA-2008:0598)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0598.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33529
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33529
    title RHEL 4 : firefox (RHSA-2008:0598)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1615.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2008-2800 'moz_bug_r_a4' discovered several cross-site scripting vulnerabilities. - CVE-2008-2801 Collin Jackson and Adam Barth discovered that JavaScript code could be executed in the context of signed JAR archives. - CVE-2008-2802 'moz_bug_r_a4' discovered that XUL documents can escalate privileges by accessing the pre-compiled 'fastload' file. - CVE-2008-2803 'moz_bug_r_a4' discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. - CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious websites to force the browser to upload local files to the server, which could lead to information disclosure. - CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. - CVE-2008-2808 Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. - CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofing of secure connections. - CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. - CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceweasel can lead to Chrome privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33567
    published 2008-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33567
    title Debian DSA-1615-1 : xulrunner - several vulnerabilities
  • NASL family Windows
    NASL id SEAMONKEY_1111.NASL
    description The installed version of SeaMonkey may allow a remote attacker to execute arbitrary code on the remote host by creating a very large number of references to a common CSS object, which can lead to an overflow of the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 33506
    published 2008-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33506
    title SeaMonkey < 1.1.11 CSSValue Array Memory Corruption
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080716_FIREFOX_ON_SL5_X.NASL
    description An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60443
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60443
    title Scientific Linux Security Update : firefox on SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-148.NASL
    description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16 (CVE-2008-2785, CVE-2008-2933). This update provides the latest Firefox to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37515
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37515
    title Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:148)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0599.NASL
    description Updated SeaMonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 16th July 2008] The original set of packages for Red Hat Enterprise Linux 4 were missing the seamonkey-nss and seamonkey-nspr packages. This errata was updated to add these missing packages. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. An integer overflow flaw was found in the way SeaMonkey displayed certain web content. A malicious website could cause SeaMonkey to crash or execute arbitrary code with the permissions of the user running SeaMonkey. (CVE-2008-2785) All seamonkey users should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33530
    published 2008-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33530
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0599)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-198-01.NASL
    description New mozilla-firefox packages are available for Slackware 10.2, 11.0, 12.0, and 12.1 to fix security issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 33533
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33533
    title Slackware 10.2 / 11.0 / 12.0 / 12.1 : mozilla-firefox (SSA:2008-198-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6491.NASL
    description Updated firefox packages that fix several security issues are now available for Fedora 8. An integer overflow flaw was found in the way Firefox displayed certain web content. A malicious website could cause Firefox to crash, or execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-2785) A flaw was found in the way Firefox handled certain command line URLs. If another application passed Firefox a malformed URL, it could result in Firefox executing local malicious content with chrome privileges. (CVE-2008-2933) Updated packages update Mozilla Firefox to upstream version 2.0.0.16 to address these flaws: http://www.mozilla.org/security/known-vulnerabilities/firefox20.html#firefox2.0.0.16 This update also contains blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro, openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko libraries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 33539
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33539
    title Fedora 8 : Miro-1.2.3-3.fc8 / blam-1.8.3-17.fc8 / cairo-dock-1.6.1.1-1.fc8.1 / chmsee-1.0.0-3.31.fc8 / etc (2008-6491)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-626-2.NASL
    description USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33827
    published 2008-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33827
    title Ubuntu 8.04 LTS : devhelp, epiphany-browser, midbrowser, yelp update (USN-626-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLATHUNDERBIRD-5680.NASL
    description This patch backports security fixes found in MozillaThunderbird 2.0.0.17 back to the 1.5 Thunderbird used in openSUSE 10.2. MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 34428
    published 2008-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34428
    title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5680)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_20016.NASL
    description The installed version of Firefox is affected by various security issues : - By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing for arbitrary code execution (MFSA 2008-34). - If Firefox is not already running, passing it a command-line URI with pipe ('|') symbols will open multiple tabs, which could be used to launch 'chrome:i' URIs from the command-line or to pass URIs to Firefox that would normally be handled by a vector application (MFSA 2008-35).
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 33505
    published 2008-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33505
    title Firefox < 2.0.0.16 / 3.0.1 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-623-1.NASL
    description A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2785) Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges. (CVE-2008-2933). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33544
    published 2008-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33544
    title Ubuntu 6.06 LTS / 7.04 / 7.10 : firefox vulnerabilities (USN-623-1)
oval via4
accepted 2013-04-29T04:23:10.449-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
family unix
id oval:org.mitre.oval:def:9900
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
version 24
redhat via4
advisories
  • bugzilla
    id 452204
    title CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599016
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599020
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599012
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599010
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599014
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599006
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599008
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599004
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-0.22.el3
            oval oval:com.redhat.rhsa:tst:20080599018
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599024
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599028
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599032
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599026
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599025
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599031
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599027
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599030
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-16.4.el4_6
            oval oval:com.redhat.rhsa:tst:20080599029
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
        • AND
          • comment devhelp is earlier than 0:0.10-0.8.1.el4
            oval oval:com.redhat.rhsa:tst:20080599033
          • comment devhelp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734034
        • AND
          • comment devhelp-devel is earlier than 0:0.10-0.8.1.el4
            oval oval:com.redhat.rhsa:tst:20080599035
          • comment devhelp-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734036
    rhsa
    id RHSA-2008:0599
    released 2008-07-16
    severity Critical
    title RHSA-2008:0599: seamonkey security update (Critical)
  • rhsa
    id RHSA-2008:0597
  • rhsa
    id RHSA-2008:0598
  • rhsa
    id RHSA-2008:0616
rpms
  • devhelp-0:0.12-18.el5
  • devhelp-devel-0:0.12-18.el5
  • xulrunner-0:1.9.0.1-1.el5
  • xulrunner-devel-0:1.9.0.1-1.el5
  • xulrunner-devel-unstable-0:1.9.0.1-1.el5
  • yelp-0:2.16.0-20.el5
  • firefox-0:3.0.1-1.el5
  • nspluginwrapper-0:0.9.91.5-22.el5
  • firefox-0:1.5.0.12-0.21.el4
  • seamonkey-0:1.0.9-0.22.el3
  • seamonkey-chat-0:1.0.9-0.22.el3
  • seamonkey-devel-0:1.0.9-0.22.el3
  • seamonkey-dom-inspector-0:1.0.9-0.22.el3
  • seamonkey-js-debugger-0:1.0.9-0.22.el3
  • seamonkey-mail-0:1.0.9-0.22.el3
  • seamonkey-nspr-0:1.0.9-0.22.el3
  • seamonkey-nspr-devel-0:1.0.9-0.22.el3
  • seamonkey-nss-0:1.0.9-0.22.el3
  • seamonkey-nss-devel-0:1.0.9-0.22.el3
  • seamonkey-0:1.0.9-16.4.el4_6
  • seamonkey-chat-0:1.0.9-16.4.el4_6
  • seamonkey-devel-0:1.0.9-16.4.el4_6
  • seamonkey-dom-inspector-0:1.0.9-16.4.el4_6
  • seamonkey-js-debugger-0:1.0.9-16.4.el4_6
  • seamonkey-mail-0:1.0.9-16.4.el4_6
  • seamonkey-nspr-0:1.0.9-16.4.el4_6
  • seamonkey-nspr-devel-0:1.0.9-16.4.el4_6
  • seamonkey-nss-0:1.0.9-16.4.el4_6
  • seamonkey-nss-devel-0:1.0.9-16.4.el4_6
  • devhelp-0:0.10-0.8.1.el4
  • devhelp-devel-0:0.10-0.8.1.el4
  • thunderbird-0:1.5.0.12-14.el4
  • thunderbird-0:2.0.0.16-1.el5
refmap via4
bid 29802
bugtraq
  • 20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
  • 20080729 rPSA-2008-0238-1 firefox
confirm
debian
  • DSA-1614
  • DSA-1615
  • DSA-1621
  • DSA-1697
fedora
  • FEDORA-2008-6517
  • FEDORA-2008-6519
  • FEDORA-2008-6706
  • FEDORA-2008-6737
gentoo GLSA-200808-03
mandriva
  • MDVSA-2008:148
  • MDVSA-2008:155
misc
sectrack 1020336
secunia
  • 30761
  • 31121
  • 31122
  • 31129
  • 31144
  • 31145
  • 31154
  • 31157
  • 31176
  • 31183
  • 31195
  • 31220
  • 31253
  • 31261
  • 31270
  • 31286
  • 31306
  • 31377
  • 31403
  • 33433
  • 34501
slackware
  • SSA:2008-198-01
  • SSA:2008-198-02
  • SSA:2008-210-05
sunalert 256408
ubuntu
  • USN-623-1
  • USN-626-1
  • USN-626-2
  • USN-629-1
vupen
  • ADV-2008-1873
  • ADV-2009-0977
xf firefox-unspecified-code-execution(43167)
Last major update 13-05-2011 - 00:00
Published 19-06-2008 - 17:41
Last modified 11-10-2018 - 16:42