ID CVE-2010-1200
Summary Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
Vulnerable Configurations
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
CVSS
Base: 9.3 (as of 24-06-2010 - 13:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0500.NASL
    description An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as such, contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to this updated package, which contains Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 48265
    published 2010-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48265
    title CentOS 4 : firefox (CESA-2010:0500)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0501.NASL
    description From Red Hat Security Advisory 2010:0501 : Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 June 2010] The original packages distributed with this erratum had a bug which could cause unintended dependencies to be installed when upgrading. We have updated the packages to correct this bug. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to the requirements of Firefox 3.6.4, this erratum also provides a number of other updated packages, including esc, totem, and yelp. This erratum also contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68055
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68055
    title Oracle Linux 5 : firefox (ELSA-2010-0501)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0500.NASL
    description An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as such, contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to this updated package, which contains Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 47118
    published 2010-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47118
    title RHEL 4 : firefox (RHSA-2010:0500)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0499.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1198) An integer overflow flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1199) A flaw was found in the way SeaMonkey processed mail attachments. A specially crafted mail message could cause SeaMonkey to crash. (CVE-2010-0163) A flaw was found in the way SeaMonkey handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47117
    published 2010-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47117
    title RHEL 3 / 4 : seamonkey (RHSA-2010:0499)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0500.NASL
    description From Red Hat Security Advisory 2010:0500 : An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as such, contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to this updated package, which contains Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68054
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68054
    title Oracle Linux 4 : firefox (ELSA-2010-0500)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-126.NASL
    description Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : Unspecified vulnerability in Mozilla Firefox 3 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010 (CVE-2010-1121). Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow (CVE-2010-1196). Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node (CVE-2010-1199). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1200). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1202). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 47133
    published 2010-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47133
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:126)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0499.NASL
    description From Red Hat Security Advisory 2010:0499 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1198) An integer overflow flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1199) A flaw was found in the way SeaMonkey processed mail attachments. A specially crafted mail message could cause SeaMonkey to crash. (CVE-2010-0163) A flaw was found in the way SeaMonkey handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68053
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68053
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0499)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0501.NASL
    description Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 June 2010] The original packages distributed with this erratum had a bug which could cause unintended dependencies to be installed when upgrading. We have updated the packages to correct this bug. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to the requirements of Firefox 3.6.4, this erratum also provides a number of other updated packages, including esc, totem, and yelp. This erratum also contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47129
    published 2010-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47129
    title CentOS 5 : firefox (CESA-2010:0501)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-943-1.NASL
    description Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47618
    published 2010-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47618
    title Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-943-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0499.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1198) An integer overflow flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1199) A flaw was found in the way SeaMonkey processed mail attachments. A specially crafted mail message could cause SeaMonkey to crash. (CVE-2010-0163) A flaw was found in the way SeaMonkey handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47788
    published 2010-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47788
    title CentOS 3 / 4 : seamonkey (CESA-2010:0499)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0501.NASL
    description Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 25 June 2010] The original packages distributed with this erratum had a bug which could cause unintended dependencies to be installed when upgrading. We have updated the packages to correct this bug. Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories in the References section of this erratum. This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to the requirements of Firefox 3.6.4, this erratum also provides a number of other updated packages, including esc, totem, and yelp. This erratum also contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. For details concerning these changes, refer to the Firefox Release Notes links in the References section of this erratum. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.4. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 47119
    published 2010-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47119
    title RHEL 5 : firefox (RHSA-2010:0501)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100622_SEAMONKEY_ON_SL3_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1200) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1198) An integer overflow flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1199) A flaw was found in the way SeaMonkey processed mail attachments. A specially crafted mail message could cause SeaMonkey to crash. (CVE-2010-0163) A flaw was found in the way SeaMonkey handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60809
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60809
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100720_THUNDERBIRD_ON_SL5_X.NASL
    description A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60822
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60822
    title Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0545.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 47805
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47805
    title CentOS 5 : thunderbird (CESA-2010:0545)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0545.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 63939
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63939
    title RHEL 5 : thunderbird (RHSA-2010:0545)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-7083.NASL
    description Mozilla Firefox has been updated to version 3.5.10, fixing various bugs and security issues. - Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. (MFSA 2010-33/ CVE-2008-5913) - Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when `Content-Type: multipart` was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a content type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. (MFSA 2010-32/ CVE-2010-1197) - Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. (MFSA 2010-31/ CVE-2010-1125) - Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. (MFSA 2010-30/ CVE-2010-1199) - Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. . (MFSA 2010-29/ CVE-2010-1196) - Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. (MFSA 2010-28/ CVE-2010-1198) - Security researcher Wushi of Team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. (MFSA 2010-27/ CVE-2010-0183) - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-26/ CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203) - A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents, Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw. (MFSA 2010-25/ CVE-2010-1121)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 49893
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49893
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7083)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100622_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to the requirements of Firefox 3.6.4, this erratum also provides a number of other updated packages, including esc, totem, and yelp. This erratum also contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60808
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60808
    title Scientific Linux Security Update : firefox on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-3.NASL
    description USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47574
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47574
    title Ubuntu 8.04 LTS : firefox regression (USN-930-3)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11361.NASL
    description Update to new upstream Thunderbird version 3.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security /known-vulnerabilities/thunderbird30.html#thunderbird3.0.5 http://www.mozilla.org/security/known- vulnerabilities/thunderbird30.html#thunderbird3.0.6 Update also includes sunbird package rebuilt against new version of Thunderbird. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47810
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47810
    title Fedora 12 : sunbird-1.0-0.23.20090916hg.fc12 / thunderbird-3.0.6-1.fc12 (2010-11361)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-5.NASL
    description USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 47825
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47825
    title Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0544.NASL
    description From Red Hat Security Advisory 2010:0544 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68066
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68066
    title Oracle Linux 4 : thunderbird (ELSA-2010-0544)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0544.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 47879
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47879
    title RHEL 4 : thunderbird (RHSA-2010:0544)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0544.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 48266
    published 2010-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48266
    title CentOS 4 : thunderbird (CESA-2010:0544)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100720_THUNDERBIRD_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60821
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60821
    title Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3510.NASL
    description The installed version of Firefox is earlier than 3.5.10. Such versions are potentially affected by the following security issues : - A memory corruption vulnerability can lead to arbitrary code execution if garbage collection is carefully timed after DOM nodes are moved between documents. (MFSA 2010-25) - Multiple crashes can result in arbitrary code execution. (MFSA 2010-26) - An error in 'nsCycleCollector' may allow access to a previously freed resource leading to arbitrary code execution. (MFSA 2010-27) - A plugin is allowed to hold a reference to an object owned by a second plugin even after the second plugin is unloaded and the referenced object no longer exists. This could allow arbitrary code execution. (MFSA 2010-28) - An error in 'nsGenericDOMDataNode' allows a buffer overflow in certain DOM nodes leading to arbitrary code execution. (MFSA 2010-29) - An error in a XSLT node sorting function contains an integer overflow leading to application crashes and possible arbitrary code execution. (MFSA 2010-30) - A cross-site scripting vulnerability exists when content from one domain is embedded in pages from other domains and the 'focus()' function is used, leading to information disclosure. (MFSA 2010-31) - The HTTP header, 'Content-Disposition: attachment', is ignored when the HTTP header 'Content-Type: multipart' is present. This could allow cross-site scripting to occur. (MFSA 2010-32) - The pseudo-random number generator is only seeded once per browsing session and 'Math.random()' may be used to recover the seed value allowing the browser instance to be tracked across different websites. (MFSA 2010-33)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 47123
    published 2010-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47123
    title Firefox < 3.5.10 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_99858B7C7ECE11DFA007000F20797EDE.NASL
    description Mozilla Project reports : MFSA 2010-33 User tracking across sites using Math.random() MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes MFSA 2010-30 Integer Overflow in XSLT Node Sorting MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal MFSA 2010-28 Freed object reuse across plugin instances MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots() MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10) MFSA 2010-25 Re-use of freed object due to scope confusion
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 47130
    published 2010-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47130
    title FreeBSD : mozilla -- multiple vulnerabilities (99858b7c-7ece-11df-a007-000f20797ede)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2064.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0183 'wushi' discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. - CVE-2010-1196 'Nils' discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. - CVE-2010-1197 Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. - CVE-2010-1198 Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. - CVE-2010-1199 Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. - CVE-2010-1200 Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2010-1201 'boardraider' and 'stedenon' discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2010-1202 Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47153
    published 2010-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47153
    title Debian DSA-2064-1 : xulrunner - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100622_FIREFOX_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. A website that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as such, contains multiple bug fixes and numerous enhancements. Space precludes documenting these changes in this advisory. Important: Firefox 3.6.4 is not completely backwards-compatible with all Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19. Firefox 3.6 checks compatibility on first-launch, and, depending on the individual configuration and the installed Add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60807
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60807
    title Scientific Linux Security Update : firefox on SL4.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-4.NASL
    description USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754) If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47824
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47824
    title Ubuntu 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-930-4)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-125.NASL
    description Security issues were identified and fixed in firefox : An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a website, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack. (CVE-2008-5913). The JavaScript implementation in Mozilla Firefox 3.x allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method (CVE-2010-1125). Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow (CVE-2010-1196). Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document (CVE-2010-1197). Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances (CVE-2010-1198). Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node (CVE-2010-1199). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1200). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1202). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1203). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 47132
    published 2010-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47132
    title Mandriva Linux Security Advisory : firefox (MDVSA-2010:125)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-100628.NASL
    description Mozilla Firefox has been updated to version 3.5.10, fixing various bugs and security issues. - Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. (MFSA 2010-33/ CVE-2008-5913) - Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when `Content-Type: multipart` was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a content type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. (MFSA 2010-32/ CVE-2010-1197) - Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. (MFSA 2010-31/ CVE-2010-1125) - Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. (MFSA 2010-30/ CVE-2010-1199) - Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. (MFSA 2010-29/ CVE-2010-1196) - Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. (MFSA 2010-28/ CVE-2010-1198) - Security researcher Wushi of Team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. (MFSA 2010-27/ CVE-2010-0183) - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-26/ CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203) - A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents, Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw. (MFSA 2010-25/ CVE-2010-1121)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50873
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50873
    title SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2608 / 2609)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_364.NASL
    description The installed version of Firefox 3.6.x is earlier than 3.6.4. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2010-26) - A plugin is allowed to hold a reference to an object owned by a second plugin even after the second plugin is unloaded and the referenced object no longer exists. This could allow arbitrary code execution. (MFSA 2010-28) - An error in 'nsGenericDOMDataNode' allows a buffer overflow in certain DOM nodes leading to arbitrary code execution. (MFSA 2010-29) - An error in a XSLT node sorting function contains an integer overflow leading to application crashes and possible arbitrary code execution. (MFSA 2010-30) - A cross-site scripting vulnerability exists when content from one domain is embedded in pages from other domains and the 'focus()' function is used, leading to information disclosure. (MFSA 2010-31) - The HTTP header, 'Content-Disposition: attachment', is ignored when the HTTP header 'Content-Type: multipart' is present. This could allow cross-site scripting to occur. (MFSA 2010-32) - The pseudo-random number generator is only seeded once per browsing session and 'Math.random()' may be used to recover the seed value allowing the browser instance to be tracked across different websites. (MFSA 2010-33)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 47124
    published 2010-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47124
    title Firefox 3.6 < 3.6.4 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-1.NASL
    description If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 47161
    published 2010-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47161
    title Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-930-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-100628.NASL
    description Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. MFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different websites. MFSA 2010-32 / CVE-2010-1197: Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. MFSA 2010-31 / CVE-2010-1125: Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. MFSA 2010-30 / CVE-2010-1199: Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. MFSA 2010-29 / CVE-2010-1196: Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. MFSA 2010-28 / CVE-2010-1198: Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. MFSA 2010-27 / CVE-2010-0183: Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. MFSA 2010-26 / CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-25 / CVE-2010-1121: A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The contest winning exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47691
    published 2010-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47691
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-100625.NASL
    description Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. MFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different websites. MFSA 2010-32 / CVE-2010-1197: Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. MFSA 2010-31 / CVE-2010-1125: Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. MFSA 2010-30 / CVE-2010-1199: Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. MFSA 2010-29 / CVE-2010-1196: Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. MFSA 2010-28 / CVE-2010-1198: Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. MFSA 2010-27 / CVE-2010-0183: Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. MFSA 2010-26 / CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-25 / CVE-2010-1121: A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The contest winning exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47693
    published 2010-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47693
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10361.NASL
    description Update to new upstream Firefox version 3.6.4, fixing a security issue detailed in the upstream advisory: http://www.mozilla.org/security/known- vulnerabilities/firefox36.html#firefox3.6.4 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1200 CVE-2010-1202 CVE-2010-1203 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47225
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47225
    title Fedora 13 : firefox-3.6.4-1.fc13 / galeon-2.0.7-29.fc13 / gnome-python2-extras-2.25.3-19.fc13 / etc (2010-10361)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10344.NASL
    description Update to new upstream Firefox version 3.5.10, fixing a security issue detailed in the upstream advisory: http://www.mozilla.org/security/known- vulnerabilities/firefox36.html#firefox3.5.10 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-0183 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47223
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47223
    title Fedora 12 : firefox-3.5.10-1.fc12 / galeon-2.0.7-23.fc12 / gnome-python2-extras-2.25.3-18.fc12 / etc (2010-10344)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-100625.NASL
    description Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. MFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different websites. MFSA 2010-32 / CVE-2010-1197: Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. MFSA 2010-31 / CVE-2010-1125: Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. MFSA 2010-30 / CVE-2010-1199: Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. MFSA 2010-29 / CVE-2010-1196: Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. MFSA 2010-28 / CVE-2010-1198: Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. MFSA 2010-27 / CVE-2010-0183: Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. MFSA 2010-26 / CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-25 / CVE-2010-1121: A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The contest winning exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47689
    published 2010-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47689
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-6.NASL
    description USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755) This update fixes the problem. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 47855
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47855
    title Ubuntu 9.04 / 9.10 : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-930-6)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-2.NASL
    description USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47162
    published 2010-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47162
    title Ubuntu 8.04 LTS : apturl, epiphany-browser, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update (USN-930-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10329.NASL
    description Update to new upstream SeaMonkey version 2.0.5, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.5 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-0183 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47222
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47222
    title Fedora 12 : seamonkey-2.0.5-1.fc12 (2010-10329)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10363.NASL
    description Update to new upstream SeaMonkey version 2.0.5, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.5 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-0183 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47226
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47226
    title Fedora 13 : seamonkey-2.0.5-1.fc13 (2010-10363)
oval via4
  • accepted 2013-04-29T04:09:01.775-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    family unix
    id oval:org.mitre.oval:def:10816
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    version 25
  • accepted 2014-10-06T04:01:26.826-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization DTCC
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    • name Richard Helbing
      organization baramundi software
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    • name Evgeniy Pavlov
      organization ALTX-SOFT
    definition_extensions
    • comment Mozilla Seamonkey is installed
      oval oval:org.mitre.oval:def:6372
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    • comment Mozilla Seamonkey is installed
      oval oval:org.mitre.oval:def:6372
    • comment Mozilla Firefox Mainline release is installed
      oval oval:org.mitre.oval:def:22259
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    • comment Mozilla Thunderbird Mainline release is installed
      oval oval:org.mitre.oval:def:22093
    description Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    family windows
    id oval:org.mitre.oval:def:14326
    status accepted
    submitted 2011-11-25T18:06:05.000-05:00
    title Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    version 34
redhat via4
advisories
  • bugzilla
    id 590850
    title CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499014
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499020
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499016
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499010
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499006
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499008
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499004
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499012
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.9-0.55.el3
            oval oval:com.redhat.rhsa:tst:20100499018
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499024
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499027
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499028
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499025
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.9-58.el4_8
            oval oval:com.redhat.rhsa:tst:20100499026
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
    rhsa
    id RHSA-2010:0499
    released 2010-06-22
    severity Critical
    title RHSA-2010:0499: seamonkey security update (Critical)
  • rhsa
    id RHSA-2010:0500
  • rhsa
    id RHSA-2010:0501
rpms
  • seamonkey-0:1.0.9-0.55.el3
  • seamonkey-chat-0:1.0.9-0.55.el3
  • seamonkey-devel-0:1.0.9-0.55.el3
  • seamonkey-dom-inspector-0:1.0.9-0.55.el3
  • seamonkey-js-debugger-0:1.0.9-0.55.el3
  • seamonkey-mail-0:1.0.9-0.55.el3
  • seamonkey-nspr-0:1.0.9-0.55.el3
  • seamonkey-nspr-devel-0:1.0.9-0.55.el3
  • seamonkey-nss-0:1.0.9-0.55.el3
  • seamonkey-nss-devel-0:1.0.9-0.55.el3
  • seamonkey-0:1.0.9-58.el4_8
  • seamonkey-chat-0:1.0.9-58.el4_8
  • seamonkey-devel-0:1.0.9-58.el4_8
  • seamonkey-dom-inspector-0:1.0.9-58.el4_8
  • seamonkey-js-debugger-0:1.0.9-58.el4_8
  • seamonkey-mail-0:1.0.9-58.el4_8
  • firefox-0:3.6.4-8.el4
  • devhelp-0:0.12-21.el5
  • devhelp-devel-0:0.12-21.el5
  • gnome-python2-extras-0:2.14.2-7.el5
  • gnome-python2-gtkhtml2-0:2.14.2-7.el5
  • gnome-python2-gtkmozembed-0:2.14.2-7.el5
  • gnome-python2-gtkspell-0:2.14.2-7.el5
  • gnome-python2-libegg-0:2.14.2-7.el5
  • esc-0:1.1.0-12.el5
  • totem-0:2.16.7-7.el5
  • totem-devel-0:2.16.7-7.el5
  • totem-mozplugin-0:2.16.7-7.el5
  • yelp-0:2.16.0-26.el5
  • firefox-0:3.6.4-8.el5
  • xulrunner-0:1.9.2.4-10.el5
  • xulrunner-devel-0:1.9.2.4-10.el5
  • thunderbird-0:1.5.0.12-28.el4
  • thunderbird-0:2.0.0.24-6.el5
refmap via4
bid
  • 41050
  • 41090
confirm
fedora
  • FEDORA-2010-10344
  • FEDORA-2010-10361
mandriva MDVSA-2010:125
sectrack
  • 1024138
  • 1024139
secunia
  • 40323
  • 40326
  • 40401
  • 40481
suse SUSE-SA:2010:030
ubuntu
  • USN-930-1
  • USN-930-2
vupen
  • ADV-2010-1551
  • ADV-2010-1556
  • ADV-2010-1557
  • ADV-2010-1592
  • ADV-2010-1640
  • ADV-2010-1773
xf firefox-seamonkey-browser-code-exec(59659)
Last major update 14-07-2013 - 02:05
Published 24-06-2010 - 08:30
Last modified 18-09-2017 - 21:30
Back to Top