ID CVE-2010-0178
Summary Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.
References
Vulnerable Configurations
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
CVSS
Base: 7.6 (as of 06-04-2010 - 19:09)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-070.NASL
    description Security issues were identified and fixed in firefox : Security researcher regenrecht reported (via TippingPoint's Zero Day Initiative) a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the past (CVE-2010-0164). Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0165, CVE-2010-0167). Mozilla developer Josh Soref of Nokia reported that documents failed to call certain security checks when attempting to preload images. Although the image content is not available to the page, it is possible to specify protocols that are normally not allowed in a web page such as file:. This includes internal schemes implemented by add-ons that might perform privileged actions resulting in something like a Cross-Site Request Forgery (CSRF) attack against the add-on. Potential severity would depend on the add-ons installed (CVE-2010-0168). Mozilla developer Blake Kaplan reported that the window.location object was made a normal overridable JavaScript object in the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms were developed to enforce the same-origin policy between windows and frames. This object is unfortunately also used by some plugins to determine the page origin used for access restrictions. A malicious page could override this object to fool a plugin into granting access to data on another site or the local file system. The behavior of older Firefox versions has been restored (CVE-2010-0170). Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt (HTTP username and password) was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a trusted service and then have the HTTP authorization prompt from the malicious page appear to be the login prompt for the trusted page. This potential attack is greatly mitigated by the fact that very few websites use HTTP authorization, preferring instead to use web forms and cookies (CVE-2010-0172). Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028 (CVE-2010-1122). Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0173, CVE-2010-0174) Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer (CVE-2010-0175). Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 45520
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45520
    title Mandriva Linux Security Advisory : firefox (MDVSA-2010:070-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_362.NASL
    description The installed version of Firefox 3.6.x is earlier than 3.6.2. Such versions are potentially affected by multiple security issues : - The WOFF decoder contains an integer overflow in a font decompression routine. (MFSA 2010-08) - Deleted image frames are reused when handling 'multipart/x-mixed-replace' images. (MFSA 2010-09) - The 'window.location' object is made a normal overridable object. (MFSA 2010-10) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-11) - A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12) - Documents fail to call certain security checks when attempting to preload images. (MFSA 2010-13) - It is possible to corrupt a user's XUL cache. (MFSA 2010-14) - The asynchronous Authorization Prompt is not always attached to the correct window. (MFSA 2010-15) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - An error exists in the way '' (MFSA 2010-18) - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19) - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20) - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22) - When an image points to a resource that redirects to a 'mailto:' URL, the external mail handler application is launched. (MFSA 2010-23) - XML documents fail to call certain security checks when loading new content. (MFSA 2010-024)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 45133
    published 2010-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45133
    title Firefox 3.6.x < 3.6.2 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_SEAMONKEY-100406.NASL
    description Mozilla SeaMonkey was updated to version 2.0.4 fixing lots of bugs and security issues. Following security issues were fixed: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45497
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45497
    title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0102-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLA-XULRUNNER190-100407.NASL
    description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 52688
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52688
    title SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FIREFOX35UPGRADE-100407.NASL
    description This patch updates Mozilla Firefox from the 3.0 stable branch to the 3.5.9 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45522
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45522
    title openSUSE Security Update : firefox35upgrade (firefox35upgrade-2262)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-5515.NASL
    description Update to new upstream Firefox version 3.5.9 / XULRunner version 1.9.1.9, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.9 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47394
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47394
    title Fedora 11 : Miro-2.5.4-3.fc11 / blam-1.8.5-19.fc11 / chmsee-1.0.1-16.fc11 / epiphany-2.26.3-9.fc11 / etc (2010-5515)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-5506.NASL
    description Update to new upstream Firefox version 3.5.9 / XULRunner version 1.9.1.9, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.9 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47391
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47391
    title Fedora 12 : Miro-2.5.4-3.fc12 / firefox-3.5.9-1.fc12 / galeon-2.0.7-22.fc12 / etc (2010-5506)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3019.NASL
    description The installed version of Firefox is earlier than 3.0.19. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way '' (MFSA 2010-18) - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19) - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20) - The XMLHttpRequestSpy module in the Firebug add-on exposes an underlying chrome privilege escalation vulnerability. (MFSA 2010-21)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 45392
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45392
    title Firefox < 3.0.19 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0333.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46292
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46292
    title RHEL 3 / 4 : seamonkey (RHSA-2010:0333)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100330_FIREFOX_ON_SL5_X.NASL
    description Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60767
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60767
    title Scientific Linux Security Update : firefox on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0332.NASL
    description From Red Hat Security Advisory 2010:0332 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.19. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.19, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68026
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68026
    title Oracle Linux 4 / 5 : firefox (ELSA-2010-0332)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100406.NASL
    description Mozilla Thunderbird was updated to version 3.0.4 fixing lots of bugs and security issues. Following security issues were fixed: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45495
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45495
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0102-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-100412.NASL
    description This patch updates Mozilla Firefox to the 3.5.9 release. It includes the following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45527
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45527
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0102-3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-BRANDING-OPENSUSE-100413.NASL
    description This patch updates the openSUSE Mozilla Branding to version 3.5.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 45524
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45524
    title openSUSE Security Update : MozillaFirefox-branding-openSUSE (MozillaFirefox-branding-openSUSE-2281)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER190-6976.NASL
    description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 45500
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45500
    title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6976)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9CCFEE393C3B11DF9EDC000F20797EDE.NASL
    description Mozilla Project reports : MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 45382
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45382
    title FreeBSD : mozilla -- multiple vulnerabilities (9ccfee39-3c3b-11df-9edc-000f20797ede)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-5840.NASL
    description Update to new upstream SeaMonkey version 2.0.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47407
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47407
    title Fedora 12 : seamonkey-2.0.4-1.fc12 (2010-5840)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0332.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.19. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.19, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45443
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45443
    title CentOS 4 : firefox (CESA-2010:0332)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0333.NASL
    description From Red Hat Security Advisory 2010:0333 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68027
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68027
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0333)
  • NASL family Windows
    NASL id SEAMONKEY_204.NASL
    description The installed version of SeaMonkey is earlier than 2.0.4. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way '' (MFSA 2010-18) - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19) - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20) - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22) - When an image points to a resource that redirects to a 'mailto:' URL, the external mail handler application is launched. (MFSA 2010-23) - XML Documents fail to call certain security checks when loading new content. (MFSA 2010-24)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 45395
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45395
    title SeaMonkey < 2.0.4 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0332.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.19. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.19, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 46291
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46291
    title RHEL 4 / 5 : firefox (RHSA-2010:0332)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER190-6971.NASL
    description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 49901
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49901
    title SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 6971)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLA-XULRUNNER190-100407.NASL
    description This patch updates Mozilla XULRunner 3.0 engine the 1.9.0.19 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45523
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45523
    title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-2261)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0333.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several use-after-free flaws were found in SeaMonkey. Visiting a web page containing malicious content could result in SeaMonkey executing arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-0174) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45444
    published 2010-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45444
    title CentOS 3 / 4 : seamonkey (CESA-2010:0333)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLA-XULRUNNER190-100407.NASL
    description This patch updates Mozilla XULRunner 3.0 engine the 1.9.0.19 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45526
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45526
    title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-2261)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-100407.NASL
    description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 52686
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52686
    title SuSE 11 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, etc (SAT Patch Number 2254)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-921-1.NASL
    description Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0173, CVE-2010-0174) It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178) It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179) Henry Sudhof discovered that an image tag could be used as a redirect to a mailto: URL to launch an external mail handler. (CVE-2010-0181) Wladimir Palant discovered that Firefox did not always perform security checks on XML content. An attacker could exploit this to bypass security policies to load certain resources. (CVE-2010-0182). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 45484
    published 2010-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45484
    title Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-921-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-920-1.NASL
    description Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0174) It was discovered that Firefox could be made to access previously freed memory. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) Paul Stone discovered that Firefox could be made to change a mouse click into a drag and drop event. If the user could be tricked into performing this action twice on a crafted website, an attacker could execute arbitrary JavaScript with chrome privileges. (CVE-2010-0178) It was discovered that the XMLHttpRequestSpy module as used by the Firebug add-on could be used to escalate privileges within the browser. If the user had the Firebug add-on installed and were tricked into viewing a malicious website, an attacker could potentially run arbitrary JavaScript. (CVE-2010-0179). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 45483
    published 2010-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45483
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-920-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_359.NASL
    description The installed version of Firefox is earlier than 3.5.9. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way '' (MFSA 2010-18) - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19) - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20) - Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22) - When an image points to a resource that redirects to a 'mailto:' URL, the external mail handler application is launched. (MFSA 2010-23) - XML documents fail to call certain security checks when loading new content. (MFSA 2010-24)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 45393
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45393
    title Firefox < 3.5.9 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2027.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. - CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. - CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. - CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. - CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45412
    published 2010-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45412
    title Debian DSA-2027-1 : xulrunner - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLA-XULRUNNER190-100406.NASL
    description Mozilla XULRunner was updated to version 1.9.0.19 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50950
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50950
    title SuSE 11 Security Update : Mozilla XULrunner (SAT Patch Number 2255)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FIREFOX35UPGRADE-100407.NASL
    description This patch updates Mozilla Firefox from the 3.0 stable branch to the 3.5.9 release. It includes also following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) MFSA 2010-17 / CVE-2010-0175: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2010-18 / CVE-2010-0176: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way . In certain cases, the number of references to an
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 45525
    published 2010-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45525
    title openSUSE Security Update : firefox35upgrade (firefox35upgrade-2262)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-100406.NASL
    description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50872
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50872
    title SuSE 11 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, etc (SAT Patch Number 2254)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100330_FIREFOX_ON_SL4_X.NASL
    description Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178) A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60766
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60766
    title Scientific Linux Security Update : firefox on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6970.NASL
    description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 45498
    published 2010-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45498
    title SuSE 10 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-translations, mozilla-xulrunner191, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-translations, python-xpcom191 (ZYPP Patch Number 6970)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-6236.NASL
    description Update to new upstream SeaMonkey version 2.0.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.4 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47425
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47425
    title Fedora 13 : seamonkey-2.0.4-1.fc13 (2010-6236)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6979.NASL
    description Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-16) References Martijn Wargers, Josh Soref, and Jesse Ruderman reported crashes in the browser engine that affected Firefox 3.5 and Firefox 3.6. (CVE-2010-0173) Jesse Ruderman and Ehsan Akhgari reported crashes that affected all supported versions of the browser engine. (CVE-2010-0174) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a select event handler for XUL tree items could be called after the tree item was deleted. This results in the execution of previously freed memory which an attacker could use to crash a victim's browser and run arbitrary code on the victim's computer. (MFSA 2010-17 / CVE-2010-0175) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the way option elements are inserted into a XUL tree optgroup. In certain cases, the number of references to an option element is under-counted so that when the element is deleted, a live pointer to its old location is kept around and may later be used. An attacker could potentially use these conditions to run arbitrary code on a victim's computer. (MFSA 2010-18 / CVE-2010-0176) - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the implementation of the window.navigator.plugins object. When a page reloads, the plugins array would reallocate all of its members without checking for existing references to each member. This could result in the deletion of objects for which valid pointers still exist. An attacker could use this vulnerability to crash a victim's browser and run arbitrary code on the victim's machine. (MFSA 2010-19 / CVE-2010-0177) - Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim's browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges. (MFSA 2010-20 / CVE-2010-0178) - Mozilla security researcher moz_bug_r_a4 reported that the XMLHttpRequestSpy module in the Firebug add-on was exposing an underlying chrome privilege escalation vulnerability. When the XMLHttpRequestSpy object was created, it would attach various properties of itself to objects defined in web content, which were not being properly wrapped to prevent their exposure to chrome privileged objects. This could result in an attacker running arbitrary JavaScript on a victim's machine, though it required the victim to have Firebug installed, so the overall severity of the issue was determined to be High. (MFSA 2010-21 / CVE-2010-0179) - Mozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation. (MFSA 2010-22 / CVE-2009-3555) Note that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue. - phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images. (MFSA 2010-23 / CVE-2010-0181) - Mozilla community member Wladimir Palant reported that XML documents were failing to call certain security checks when loading new content. This could result in certain resources being loaded that would otherwise violate security policies set by the browser or installed add-ons. (MFSA 2010-24 / CVE-2010-0182)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 49892
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49892
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6979)
oval via4
  • accepted 2013-04-29T04:05:52.216-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.
    family unix
    id oval:org.mitre.oval:def:10460
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.
    version 24
  • accepted 2014-10-06T04:04:21.564-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Mozilla Firefox Mainline release is installed
      oval oval:org.mitre.oval:def:22259
    • comment Mozilla Seamonkey is installed
      oval oval:org.mitre.oval:def:6372
    description Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.
    family windows
    id oval:org.mitre.oval:def:6975
    status accepted
    submitted 2010-04-05T10:30:00.000-05:00
    title Mozilla Firefox and SeaMonkey Chrome Privilege Escalation Vulnerability
    version 29
redhat via4
advisories
rhsa
id RHSA-2010:0332
rpms
  • firefox-0:3.0.19-1.el4
  • xulrunner-0:1.9.0.19-1.el5_5
  • xulrunner-devel-0:1.9.0.19-1.el5_5
  • xulrunner-devel-unstable-0:1.9.0.19-1.el5_5
  • firefox-0:3.0.19-1.el5_5
refmap via4
confirm
debian DSA-2027
mandriva MDVSA-2010:070
sectrack 1023776
secunia
  • 39136
  • 39240
  • 39243
  • 39308
  • 39397
suse SUSE-SR:2010:013
ubuntu USN-921-1
vupen
  • ADV-2010-0748
  • ADV-2010-0764
  • ADV-2010-0781
  • ADV-2010-0849
xf firefox-draganddrop-code-execution(57391)
Last major update 14-09-2012 - 00:00
Published 05-04-2010 - 13:30
Last modified 30-10-2018 - 12:25
Back to Top