ID CVE-2010-0159
Summary The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
References
Vulnerable Configurations
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
  • Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:8.04:-:-:-:lts
  • Canonical Ubuntu Linux 8.10
    cpe:2.3:o:canonical:ubuntu_linux:8.10
  • Canonical Ubuntu Linux 9.04
    cpe:2.3:o:canonical:ubuntu_linux:9.04
  • Canonical Ubuntu Linux 9.10
    cpe:2.3:o:canonical:ubuntu_linux:9.10
CVSS
Base: 10.0 (as of 22-02-2010 - 21:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100217_SEAMONKEY_ON_SL3_X.NASL
    description CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01) CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03) A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60737
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60737
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0113.NASL
    description From Red Hat Security Advisory 2010:0113 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68000
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68000
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-100219.NASL
    description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an embed tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44907
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44907
    title SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0113.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44652
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44652
    title RHEL 3 / 4 : seamonkey (RHSA-2010:0113)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER190-6866.NASL
    description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49900
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49900
    title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0154.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45093
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45093
    title CentOS 4 : thunderbird (CESA-2010:0154)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0153.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 45361
    published 2010-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45361
    title CentOS 5 : thunderbird (CESA-2010:0153)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0154.NASL
    description From Red Hat Security Advisory 2010:0154 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68015
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68015
    title Oracle Linux 4 : thunderbird (ELSA-2010-0154)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100317_THUNDERBIRD_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60750
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60750
    title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_302.NASL
    description The installed version of Thunderbird is earlier than 3.0.2. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The HTML parser incorrectly frees used memory when insufficient space is available to process remaining input. (MFSA 2010-03) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-11) - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12) - It is possible to corrupt a user's XUL cache. (MFSA 2010-14)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44961
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44961
    title Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-3267.NASL
    description Update thunderbird to upstream version 3.0.2. * http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/ * http://www.mozilla.org/security/known- vulnerabilities/thunderbird30.html#thunderbird3.0.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47305
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47305
    title Fedora 11 : sunbird-1.0-0.14.20090715hg.fc11 / thunderbird-3.0.2-1.fc11 (2010-3267)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0153.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63923
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63923
    title RHEL 5 : thunderbird (RHSA-2010:0153)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0154.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing trusted content or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3076) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46271
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46271
    title RHEL 4 : thunderbird (RHSA-2010:0154)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100305.NASL
    description Mozilla Thunderbird was upgraded to version 3.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982: Crashes with evidence of memory corruption were fixed. (rv:1.9.1.6) MFSA 2009-66 / CVE-2009-3388 (bmo#504843,bmo#523816): Memory safety fixes in liboggplay media library were added. MFSA 2009-67 / CVE-2009-3389 (bmo#515882,bmo#504613): An Integer overflow, crash in libtheora video library was fixed.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45034
    published 2010-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45034
    title SuSE 11.2 Security Update: MozillaThunderbird (2010-03-05)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0113.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A use-after-free flaw was found in SeaMonkey. Under low memory conditions, visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0159) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44649
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44649
    title CentOS 3 / 4 : seamonkey (CESA-2010:0113)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0112.NASL
    description From Red Hat Security Advisory 2010:0112 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67999
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67999
    title Oracle Linux 4 / 5 : firefox (ELSA-2010-0112)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-3230.NASL
    description Update thunderbird to upstream version 3.0.2. * http://www.mozillamessaging.com/en-US/thunderbird/3.0.2/releasenotes/ * http://www.mozilla.org/security/known- vulnerabilities/thunderbird30.html#thunderbird3.0.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47303
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47303
    title Fedora 12 : sunbird-1.0-0.19.20090916hg.fc12 / thunderbird-3.0.2-1.fc12 (2010-3230)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0112.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44648
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44648
    title CentOS 4 / 5 : firefox (CESA-2010:0112)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0112.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 44651
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44651
    title RHEL 4 / 5 : firefox (RHSA-2010:0112)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-042.NASL
    description Security issues were identified and fixed in firefox 3.0.x and 3.5.x : Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0159). Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer (CVE-2010-0160). Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called (CVE-2009-1571). Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla (CVE-2009-3988). Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type=image/svg+xml, the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy (CVE-2010-0162). The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching (CVE-2010-0169). Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736 (CVE-2010-0171). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 44672
    published 2010-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44672
    title Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6867.NASL
    description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49891
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49891
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1999.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. - CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. - CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. - CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. - CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44863
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44863
    title Debian DSA-1999-1 : xulrunner - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLA-XULRUNNER190-100219.NASL
    description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44909
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44909
    title SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-100223.NASL
    description Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. MFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44901
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44901
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1932.NASL
    description Update to new upstream SeaMonkey version 2.0.3, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47285
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47285
    title Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-100218.NASL
    description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. MFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44903
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44903
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-071.NASL
    description Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689). Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075). Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077) Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 45521
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45521
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)
  • NASL family Windows
    NASL id SEAMONKEY_203.NASL
    description The installed version of SeaMonkey is earlier than 2.0.3. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of 'Web Workers' contained an error in its handling of array data types when processing posted messages. (MFSA 2010-02) - The HTML parser incorrectly frees used memory when insufficient space is available to process remaining input. (MFSA 2010-03) - A cross-site scripting issue exists due to 'window.dialogArguments' being readable cross-domain. (MFSA 2010-04) - A cross-site scripting issue exists when using SVG documents and binary Content-Type. (MFSA 2010-05) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-11) - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12) - It is possible to corrupt a user's XUL cache. (MFSA 2010-14) - The XMLHttpRequestSpy module in the Firebug add-on exposes an underlying chrome privilege escalation vulnerability. (MFSA 2010-21)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 44660
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44660
    title SeaMonkey < 2.0.3 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3018.NASL
    description The installed version of Firefox is earlier than 3.0.18. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of 'Web Workers' contained an error in its handling of array data types when processing posted messages. (MFSA 2010-02) - The HTML parser incorrectly frees used memory when insufficient space is available to process remaining input. (MFSA 2010-03) - A cross-site scripting exists issue due to 'window.dialogArguments' being readable cross-domain. (MFSA 2010-04) - A cross-site scripting issue exists when using SVG documents and binary Content-Type. (MFSA 2010-05) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-11) - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12) - It is possible to corrupt a user's XUL cache. (MFSA 2010-14)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44658
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44658
    title Firefox < 3.0.18 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_358.NASL
    description The installed version of Firefox is 3.5.x earlier than 3.5.8. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-01) - The implementation of 'Web Workers' contained an error in its handling of array data types when processing posted messages. (MFSA 2010-02) - The HTML parser incorrectly frees used memory when insufficient space is available to process remaining input. (MFSA 2010-03) - A cross-site scripting issue exists due to 'window.dialogArguments' being readable cross-domain. (MFSA 2010-04) - A cross-site scripting issue exists when using SVG documents and binary Content-Type. (MFSA 2010-05) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-11) - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12) - It is possible to corrupt a user's XUL cache. (MFSA 2010-14) - The XMLHttpRequestSpy module in the Firebug add-on exposes an underlying chrome privilege escalation vulnerability. (MFSA 2010-21)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44659
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44659
    title Firefox 3.5 < 3.5.8 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1936.NASL
    description Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47288
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47288
    title Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER190-6871.NASL
    description Mozilla XUL Runner engine 1.9.0 was upgraded to version 1.9.0.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 44911
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44911
    title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F82C85D81C6E11DFABB2000F20797EDE.NASL
    description Mozilla Project reports : MFSA 2010-05 XSS hazard using SVG document and binary Content-Type MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain MFSA 2010-03 Use-after-free crash in HTML parser MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 44661
    published 2010-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44661
    title FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-895-1.NASL
    description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571) Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988) Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44655
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44655
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_SEAMONKEY-100218.NASL
    description Mozilla SeaMonkey was upgraded to version 2.0.3, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. MFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44906
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44906
    title openSUSE Security Update : seamonkey (seamonkey-2013)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-100223.NASL
    description Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-02 / CVE-2010-0160: Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. MFSA 2010-03 / CVE-2009-1571: Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. MFSA 2010-04 / CVE-2009-3988: Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. MFSA 2010-05 / CVE-2010-0162: Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44899
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44899
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6863.NASL
    description Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. The following security issues have been fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-01 / CVE-2010-0159) - Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer. (MFSA 2010-02 / CVE-2010-0160) - Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called. (MFSA 2010-03 / CVE-2009-1571) - Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. (MFSA 2010-04 / CVE-2009-3988) An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. - Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an tag with type='image/svg+xml', the Content-Type is ignored and the SVG document is processed normally. A website which allows arbitrary binary data to be uploaded but which relies on Content-Type: application/octet-stream to prevent script execution could have such protection bypassed. An attacker could upload a SVG document containing JavaScript as a binary file to a website, embed the SVG document into a malicous page on another site, and gain access to the script environment from the SVG-serving site, bypassing the same-origin policy. (MFSA 2010-05 / CVE-2010-0162)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 44910
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44910
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1727.NASL
    description Update to new upstream Firefox version 3.5.8, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.8 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47268
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47268
    title Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-896-1.NASL
    description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0159) Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0160) Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. If the browser could be made to access these freed memory objects, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1571) Hidetake Jo discovered that the showModalDialog in Firefox did not always honor the same-origin policy. An attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2009-3988) Georgi Guninski discovered that the same-origin check in Firefox could be bypassed by utilizing a crafted SVG image. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0162). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44656
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44656
    title Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1)
oval via4
  • accepted 2014-10-06T04:04:38.148-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    • name Richard Helbing
      organization baramundi software
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Mozilla Firefox Mainline release is installed
      oval oval:org.mitre.oval:def:22259
    • comment Mozilla Seamonkey is installed
      oval oval:org.mitre.oval:def:6372
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    description The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
    family windows
    id oval:org.mitre.oval:def:8485
    status accepted
    submitted 2010-03-02T17:30:00.000-05:00
    title Mozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption Vulnerability
    version 34
  • accepted 2013-04-29T04:20:28.950-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
    family unix
    id oval:org.mitre.oval:def:9590
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
    version 24
redhat via4
advisories
  • rhsa
    id RHSA-2010:0112
  • rhsa
    id RHSA-2010:0113
  • rhsa
    id RHSA-2010:0153
  • rhsa
    id RHSA-2010:0154
rpms
  • firefox-0:3.0.18-1.el4
  • xulrunner-0:1.9.0.18-1.el5_4
  • xulrunner-devel-0:1.9.0.18-1.el5_4
  • xulrunner-devel-unstable-0:1.9.0.18-1.el5_4
  • firefox-0:3.0.18-1.el5_4
  • seamonkey-0:1.0.9-0.50.el3
  • seamonkey-chat-0:1.0.9-0.50.el3
  • seamonkey-devel-0:1.0.9-0.50.el3
  • seamonkey-dom-inspector-0:1.0.9-0.50.el3
  • seamonkey-js-debugger-0:1.0.9-0.50.el3
  • seamonkey-mail-0:1.0.9-0.50.el3
  • seamonkey-nspr-0:1.0.9-0.50.el3
  • seamonkey-nspr-devel-0:1.0.9-0.50.el3
  • seamonkey-nss-0:1.0.9-0.50.el3
  • seamonkey-nss-devel-0:1.0.9-0.50.el3
  • seamonkey-0:1.0.9-52.el4_8
  • seamonkey-chat-0:1.0.9-52.el4_8
  • seamonkey-devel-0:1.0.9-52.el4_8
  • seamonkey-dom-inspector-0:1.0.9-52.el4_8
  • seamonkey-js-debugger-0:1.0.9-52.el4_8
  • seamonkey-mail-0:1.0.9-52.el4_8
  • thunderbird-0:2.0.0.24-2.el5_4
  • thunderbird-0:1.5.0.12-25.el4
refmap via4
confirm
debian DSA-1999
fedora
  • FEDORA-2010-1727
  • FEDORA-2010-1932
  • FEDORA-2010-1936
  • FEDORA-2010-3230
  • FEDORA-2010-3267
mandriva MDVSA-2010:042
secunia
  • 37242
  • 38770
  • 38772
  • 38847
suse SUSE-SA:2010:015
ubuntu
  • USN-895-1
  • USN-896-1
vupen
  • ADV-2010-0405
  • ADV-2010-0650
xf mozilla-browsereng-code-execution(56359)
Last major update 21-08-2010 - 01:38
Published 22-02-2010 - 08:00
Last modified 16-11-2018 - 10:56
Back to Top