ID CVE-2010-1205
Summary Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
References
Vulnerable Configurations
  • libpng 0.89c
    cpe:2.3:a:libpng:libpng:0.89c
  • libpng 0.95
    cpe:2.3:a:libpng:libpng:0.95
  • libpng 1.0.0
    cpe:2.3:a:libpng:libpng:1.0.0
  • libpng 1.0.1
    cpe:2.3:a:libpng:libpng:1.0.1
  • libpng 1.0.10
    cpe:2.3:a:libpng:libpng:1.0.10
  • cpe:2.3:a:libpng:libpng:1.0.10:beta1
    cpe:2.3:a:libpng:libpng:1.0.10:beta1
  • cpe:2.3:a:libpng:libpng:1.0.10:rc1
    cpe:2.3:a:libpng:libpng:1.0.10:rc1
  • libpng 1.0.11
    cpe:2.3:a:libpng:libpng:1.0.11
  • cpe:2.3:a:libpng:libpng:1.0.11:beta1
    cpe:2.3:a:libpng:libpng:1.0.11:beta1
  • cpe:2.3:a:libpng:libpng:1.0.11:beta2
    cpe:2.3:a:libpng:libpng:1.0.11:beta2
  • cpe:2.3:a:libpng:libpng:1.0.11:beta3
    cpe:2.3:a:libpng:libpng:1.0.11:beta3
  • cpe:2.3:a:libpng:libpng:1.0.11:rc1
    cpe:2.3:a:libpng:libpng:1.0.11:rc1
  • libpng 1.0.12
    cpe:2.3:a:libpng:libpng:1.0.12
  • cpe:2.3:a:libpng:libpng:1.0.12:beta1
    cpe:2.3:a:libpng:libpng:1.0.12:beta1
  • cpe:2.3:a:libpng:libpng:1.0.12:rc1
    cpe:2.3:a:libpng:libpng:1.0.12:rc1
  • libpng 1.0.13
    cpe:2.3:a:libpng:libpng:1.0.13
  • libpng 1.0.14
    cpe:2.3:a:libpng:libpng:1.0.14
  • libpng 1.0.15
    cpe:2.3:a:libpng:libpng:1.0.15
  • cpe:2.3:a:libpng:libpng:1.0.15:rc1
    cpe:2.3:a:libpng:libpng:1.0.15:rc1
  • cpe:2.3:a:libpng:libpng:1.0.15:rc2
    cpe:2.3:a:libpng:libpng:1.0.15:rc2
  • cpe:2.3:a:libpng:libpng:1.0.15:rc3
    cpe:2.3:a:libpng:libpng:1.0.15:rc3
  • libpng 1.0.16
    cpe:2.3:a:libpng:libpng:1.0.16
  • libpng 1.0.17
    cpe:2.3:a:libpng:libpng:1.0.17
  • cpe:2.3:a:libpng:libpng:1.0.17:rc1
    cpe:2.3:a:libpng:libpng:1.0.17:rc1
  • libpng 1.0.18
    cpe:2.3:a:libpng:libpng:1.0.18
  • libpng 1.0.19
    cpe:2.3:a:libpng:libpng:1.0.19
  • cpe:2.3:a:libpng:libpng:1.0.19:rc1
    cpe:2.3:a:libpng:libpng:1.0.19:rc1
  • cpe:2.3:a:libpng:libpng:1.0.19:rc2
    cpe:2.3:a:libpng:libpng:1.0.19:rc2
  • cpe:2.3:a:libpng:libpng:1.0.19:rc3
    cpe:2.3:a:libpng:libpng:1.0.19:rc3
  • cpe:2.3:a:libpng:libpng:1.0.19:rc5
    cpe:2.3:a:libpng:libpng:1.0.19:rc5
  • libpng 1.0.2
    cpe:2.3:a:libpng:libpng:1.0.2
  • libpng 1.0.20
    cpe:2.3:a:libpng:libpng:1.0.20
  • libpng 1.0.21
    cpe:2.3:a:libpng:libpng:1.0.21
  • cpe:2.3:a:libpng:libpng:1.0.21:rc1
    cpe:2.3:a:libpng:libpng:1.0.21:rc1
  • cpe:2.3:a:libpng:libpng:1.0.21:rc2
    cpe:2.3:a:libpng:libpng:1.0.21:rc2
  • libpng 1.0.22
    cpe:2.3:a:libpng:libpng:1.0.22
  • cpe:2.3:a:libpng:libpng:1.0.22:rc1
    cpe:2.3:a:libpng:libpng:1.0.22:rc1
  • libpng 1.0.23
    cpe:2.3:a:libpng:libpng:1.0.23
  • cpe:2.3:a:libpng:libpng:1.0.23:rc1
    cpe:2.3:a:libpng:libpng:1.0.23:rc1
  • cpe:2.3:a:libpng:libpng:1.0.23:rc2
    cpe:2.3:a:libpng:libpng:1.0.23:rc2
  • cpe:2.3:a:libpng:libpng:1.0.23:rc3
    cpe:2.3:a:libpng:libpng:1.0.23:rc3
  • cpe:2.3:a:libpng:libpng:1.0.23:rc4
    cpe:2.3:a:libpng:libpng:1.0.23:rc4
  • cpe:2.3:a:libpng:libpng:1.0.23:rc5
    cpe:2.3:a:libpng:libpng:1.0.23:rc5
  • libpng 1.0.24
    cpe:2.3:a:libpng:libpng:1.0.24
  • cpe:2.3:a:libpng:libpng:1.0.24:rc1
    cpe:2.3:a:libpng:libpng:1.0.24:rc1
  • libpng 1.0.25
    cpe:2.3:a:libpng:libpng:1.0.25
  • cpe:2.3:a:libpng:libpng:1.0.25:rc1
    cpe:2.3:a:libpng:libpng:1.0.25:rc1
  • cpe:2.3:a:libpng:libpng:1.0.25:rc2
    cpe:2.3:a:libpng:libpng:1.0.25:rc2
  • libpng 1.0.26
    cpe:2.3:a:libpng:libpng:1.0.26
  • libpng 1.0.27
    cpe:2.3:a:libpng:libpng:1.0.27
  • cpe:2.3:a:libpng:libpng:1.0.27:rc1
    cpe:2.3:a:libpng:libpng:1.0.27:rc1
  • cpe:2.3:a:libpng:libpng:1.0.27:rc2
    cpe:2.3:a:libpng:libpng:1.0.27:rc2
  • cpe:2.3:a:libpng:libpng:1.0.27:rc3
    cpe:2.3:a:libpng:libpng:1.0.27:rc3
  • cpe:2.3:a:libpng:libpng:1.0.27:rc4
    cpe:2.3:a:libpng:libpng:1.0.27:rc4
  • cpe:2.3:a:libpng:libpng:1.0.27:rc5
    cpe:2.3:a:libpng:libpng:1.0.27:rc5
  • cpe:2.3:a:libpng:libpng:1.0.27:rc6
    cpe:2.3:a:libpng:libpng:1.0.27:rc6
  • libpng 1.0.28
    cpe:2.3:a:libpng:libpng:1.0.28
  • cpe:2.3:a:libpng:libpng:1.0.28:rc2
    cpe:2.3:a:libpng:libpng:1.0.28:rc2
  • cpe:2.3:a:libpng:libpng:1.0.28:rc3
    cpe:2.3:a:libpng:libpng:1.0.28:rc3
  • cpe:2.3:a:libpng:libpng:1.0.28:rc4
    cpe:2.3:a:libpng:libpng:1.0.28:rc4
  • cpe:2.3:a:libpng:libpng:1.0.28:rc5
    cpe:2.3:a:libpng:libpng:1.0.28:rc5
  • cpe:2.3:a:libpng:libpng:1.0.28:rc6
    cpe:2.3:a:libpng:libpng:1.0.28:rc6
  • libpng 1.0.29
    cpe:2.3:a:libpng:libpng:1.0.29
  • cpe:2.3:a:libpng:libpng:1.0.29:beta1
    cpe:2.3:a:libpng:libpng:1.0.29:beta1
  • cpe:2.3:a:libpng:libpng:1.0.29:rc1
    cpe:2.3:a:libpng:libpng:1.0.29:rc1
  • cpe:2.3:a:libpng:libpng:1.0.29:rc2
    cpe:2.3:a:libpng:libpng:1.0.29:rc2
  • cpe:2.3:a:libpng:libpng:1.0.29:rc3
    cpe:2.3:a:libpng:libpng:1.0.29:rc3
  • libpng 1.0.3
    cpe:2.3:a:libpng:libpng:1.0.3
  • libpng 1.0.30
    cpe:2.3:a:libpng:libpng:1.0.30
  • cpe:2.3:a:libpng:libpng:1.0.30:rc1
    cpe:2.3:a:libpng:libpng:1.0.30:rc1
  • libpng 1.0.31
    cpe:2.3:a:libpng:libpng:1.0.31
  • cpe:2.3:a:libpng:libpng:1.0.31:rc01
    cpe:2.3:a:libpng:libpng:1.0.31:rc01
  • libpng 1.0.32
    cpe:2.3:a:libpng:libpng:1.0.32
  • libpng 1.0.33
    cpe:2.3:a:libpng:libpng:1.0.33
  • libpng 1.0.34
    cpe:2.3:a:libpng:libpng:1.0.34
  • libpng 1.0.35
    cpe:2.3:a:libpng:libpng:1.0.35
  • libpng 1.0.37
    cpe:2.3:a:libpng:libpng:1.0.37
  • libpng 1.0.38
    cpe:2.3:a:libpng:libpng:1.0.38
  • libpng 1.0.39
    cpe:2.3:a:libpng:libpng:1.0.39
  • libpng 1.0.40
    cpe:2.3:a:libpng:libpng:1.0.40
  • libpng 1.0.41
    cpe:2.3:a:libpng:libpng:1.0.41
  • libpng 1.0.42
    cpe:2.3:a:libpng:libpng:1.0.42
  • libpng 1.0.44
    cpe:2.3:a:libpng:libpng:1.0.44
  • libpng 1.0.45
    cpe:2.3:a:libpng:libpng:1.0.45
  • libpng 1.0.46
    cpe:2.3:a:libpng:libpng:1.0.46
  • libpng 1.0.47
    cpe:2.3:a:libpng:libpng:1.0.47
  • libpng 1.0.48
    cpe:2.3:a:libpng:libpng:1.0.48
  • libpng 1.0.5
    cpe:2.3:a:libpng:libpng:1.0.5
  • libpng 1.0.50
    cpe:2.3:a:libpng:libpng:1.0.50
  • libpng 1.0.51
    cpe:2.3:a:libpng:libpng:1.0.51
  • libpng 1.0.52
    cpe:2.3:a:libpng:libpng:1.0.52
  • libpng 1.0.53
    cpe:2.3:a:libpng:libpng:1.0.53
  • libpng 1.0.6
    cpe:2.3:a:libpng:libpng:1.0.6
  • cpe:2.3:a:libpng:libpng:1.0.6:a
    cpe:2.3:a:libpng:libpng:1.0.6:a
  • cpe:2.3:a:libpng:libpng:1.0.6:d
    cpe:2.3:a:libpng:libpng:1.0.6:d
  • cpe:2.3:a:libpng:libpng:1.0.6:e
    cpe:2.3:a:libpng:libpng:1.0.6:e
  • cpe:2.3:a:libpng:libpng:1.0.6:f
    cpe:2.3:a:libpng:libpng:1.0.6:f
  • cpe:2.3:a:libpng:libpng:1.0.6:g
    cpe:2.3:a:libpng:libpng:1.0.6:g
  • libpng 1.2.19
    cpe:2.3:a:libpng:libpng:1.2.19
  • cpe:2.3:a:libpng:libpng:1.2.1:beta4
    cpe:2.3:a:libpng:libpng:1.2.1:beta4
  • libpng 1.2.18
    cpe:2.3:a:libpng:libpng:1.2.18
  • cpe:2.3:a:libpng:libpng:1.2.1:beta3
    cpe:2.3:a:libpng:libpng:1.2.1:beta3
  • cpe:2.3:a:libpng:libpng:1.2.1:beta2
    cpe:2.3:a:libpng:libpng:1.2.1:beta2
  • cpe:2.3:a:libpng:libpng:1.2.1:beta1
    cpe:2.3:a:libpng:libpng:1.2.1:beta1
  • libpng 1.2.15
    cpe:2.3:a:libpng:libpng:1.2.15
  • cpe:2.3:a:libpng:libpng:1.2.1:rc2
    cpe:2.3:a:libpng:libpng:1.2.1:rc2
  • libpng 1.2.14
    cpe:2.3:a:libpng:libpng:1.2.14
  • cpe:2.3:a:libpng:libpng:1.2.1:rc1
    cpe:2.3:a:libpng:libpng:1.2.1:rc1
  • libpng 1.2.17
    cpe:2.3:a:libpng:libpng:1.2.17
  • libpng 1.2.16
    cpe:2.3:a:libpng:libpng:1.2.16
  • libpng 1.2.1
    cpe:2.3:a:libpng:libpng:1.2.1
  • libpng 1.2.0
    cpe:2.3:a:libpng:libpng:1.2.0
  • libpng 1.2.10
    cpe:2.3:a:libpng:libpng:1.2.10
  • libpng 1.2.11
    cpe:2.3:a:libpng:libpng:1.2.11
  • libpng 1.2.13
    cpe:2.3:a:libpng:libpng:1.2.13
  • cpe:2.3:a:libpng:libpng:1.2.0:beta1
    cpe:2.3:a:libpng:libpng:1.2.0:beta1
  • cpe:2.3:a:libpng:libpng:1.2.0:beta5
    cpe:2.3:a:libpng:libpng:1.2.0:beta5
  • cpe:2.3:a:libpng:libpng:1.2.0:beta4
    cpe:2.3:a:libpng:libpng:1.2.0:beta4
  • cpe:2.3:a:libpng:libpng:1.2.0:beta3
    cpe:2.3:a:libpng:libpng:1.2.0:beta3
  • cpe:2.3:a:libpng:libpng:1.2.0:beta2
    cpe:2.3:a:libpng:libpng:1.2.0:beta2
  • cpe:2.3:a:libpng:libpng:1.2.10:beta3
    cpe:2.3:a:libpng:libpng:1.2.10:beta3
  • cpe:2.3:a:libpng:libpng:1.2.10:beta2
    cpe:2.3:a:libpng:libpng:1.2.10:beta2
  • cpe:2.3:a:libpng:libpng:1.2.10:beta1
    cpe:2.3:a:libpng:libpng:1.2.10:beta1
  • cpe:2.3:a:libpng:libpng:1.2.0:rc1
    cpe:2.3:a:libpng:libpng:1.2.0:rc1
  • cpe:2.3:a:libpng:libpng:1.0.8:beta4
    cpe:2.3:a:libpng:libpng:1.0.8:beta4
  • cpe:2.3:a:libpng:libpng:1.0.9:rc1
    cpe:2.3:a:libpng:libpng:1.0.9:rc1
  • cpe:2.3:a:libpng:libpng:1.2.16:beta1
    cpe:2.3:a:libpng:libpng:1.2.16:beta1
  • cpe:2.3:a:libpng:libpng:1.0.8:beta2
    cpe:2.3:a:libpng:libpng:1.0.8:beta2
  • cpe:2.3:a:libpng:libpng:1.2.16:rc1
    cpe:2.3:a:libpng:libpng:1.2.16:rc1
  • cpe:2.3:a:libpng:libpng:1.0.8:beta3
    cpe:2.3:a:libpng:libpng:1.0.8:beta3
  • cpe:2.3:a:libpng:libpng:1.2.16:beta2
    cpe:2.3:a:libpng:libpng:1.2.16:beta2
  • cpe:2.3:a:libpng:libpng:1.0.9:beta2
    cpe:2.3:a:libpng:libpng:1.0.9:beta2
  • cpe:2.3:a:libpng:libpng:1.2.17:beta1
    cpe:2.3:a:libpng:libpng:1.2.17:beta1
  • cpe:2.3:a:libpng:libpng:1.0.9:beta3
    cpe:2.3:a:libpng:libpng:1.0.9:beta3
  • cpe:2.3:a:libpng:libpng:1.2.17:beta2
    cpe:2.3:a:libpng:libpng:1.2.17:beta2
  • cpe:2.3:a:libpng:libpng:1.0.9:rc2
    cpe:2.3:a:libpng:libpng:1.0.9:rc2
  • cpe:2.3:a:libpng:libpng:1.2.17:rc1
    cpe:2.3:a:libpng:libpng:1.2.17:rc1
  • cpe:2.3:a:libpng:libpng:1.0.9:beta1
    cpe:2.3:a:libpng:libpng:1.0.9:beta1
  • cpe:2.3:a:libpng:libpng:1.2.17:rc2
    cpe:2.3:a:libpng:libpng:1.2.17:rc2
  • cpe:2.3:a:libpng:libpng:1.0.9:beta6
    cpe:2.3:a:libpng:libpng:1.0.9:beta6
  • cpe:2.3:a:libpng:libpng:1.2.17:rc3
    cpe:2.3:a:libpng:libpng:1.2.17:rc3
  • cpe:2.3:a:libpng:libpng:1.0.9:beta7
    cpe:2.3:a:libpng:libpng:1.0.9:beta7
  • cpe:2.3:a:libpng:libpng:1.2.17:rc4
    cpe:2.3:a:libpng:libpng:1.2.17:rc4
  • cpe:2.3:a:libpng:libpng:1.0.9:beta4
    cpe:2.3:a:libpng:libpng:1.0.9:beta4
  • cpe:2.3:a:libpng:libpng:1.0.9:beta5
    cpe:2.3:a:libpng:libpng:1.0.9:beta5
  • cpe:2.3:a:libpng:libpng:1.0.9:beta10
    cpe:2.3:a:libpng:libpng:1.0.9:beta10
  • cpe:2.3:a:libpng:libpng:1.0.9:beta8
    cpe:2.3:a:libpng:libpng:1.0.9:beta8
  • cpe:2.3:a:libpng:libpng:1.0.9:beta9
    cpe:2.3:a:libpng:libpng:1.0.9:beta9
  • cpe:2.3:a:libpng:libpng:1.0.6:h
    cpe:2.3:a:libpng:libpng:1.0.6:h
  • cpe:2.3:a:libpng:libpng:1.2.14:beta1
    cpe:2.3:a:libpng:libpng:1.2.14:beta1
  • cpe:2.3:a:libpng:libpng:1.2.14:rc1
    cpe:2.3:a:libpng:libpng:1.2.14:rc1
  • cpe:2.3:a:libpng:libpng:1.0.6:j
    cpe:2.3:a:libpng:libpng:1.0.6:j
  • cpe:2.3:a:libpng:libpng:1.2.13:rc2
    cpe:2.3:a:libpng:libpng:1.2.13:rc2
  • cpe:2.3:a:libpng:libpng:1.0.6:i
    cpe:2.3:a:libpng:libpng:1.0.6:i
  • cpe:2.3:a:libpng:libpng:1.2.13:rc1
    cpe:2.3:a:libpng:libpng:1.2.13:rc1
  • cpe:2.3:a:libpng:libpng:1.0.7:rc2
    cpe:2.3:a:libpng:libpng:1.0.7:rc2
  • cpe:2.3:a:libpng:libpng:1.2.15:beta3
    cpe:2.3:a:libpng:libpng:1.2.15:beta3
  • cpe:2.3:a:libpng:libpng:1.0.7:rc1
    cpe:2.3:a:libpng:libpng:1.0.7:rc1
  • cpe:2.3:a:libpng:libpng:1.2.15:beta2
    cpe:2.3:a:libpng:libpng:1.2.15:beta2
  • cpe:2.3:a:libpng:libpng:1.0.7:beta12
    cpe:2.3:a:libpng:libpng:1.0.7:beta12
  • cpe:2.3:a:libpng:libpng:1.2.15:beta1
    cpe:2.3:a:libpng:libpng:1.2.15:beta1
  • cpe:2.3:a:libpng:libpng:1.0.7:beta11
    cpe:2.3:a:libpng:libpng:1.0.7:beta11
  • cpe:2.3:a:libpng:libpng:1.2.14:beta2
    cpe:2.3:a:libpng:libpng:1.2.14:beta2
  • cpe:2.3:a:libpng:libpng:1.0.7:beta14
    cpe:2.3:a:libpng:libpng:1.0.7:beta14
  • cpe:2.3:a:libpng:libpng:1.2.15:rc1
    cpe:2.3:a:libpng:libpng:1.2.15:rc1
  • cpe:2.3:a:libpng:libpng:1.0.7:beta13
    cpe:2.3:a:libpng:libpng:1.0.7:beta13
  • cpe:2.3:a:libpng:libpng:1.2.15:beta6
    cpe:2.3:a:libpng:libpng:1.2.15:beta6
  • cpe:2.3:a:libpng:libpng:1.0.7:beta16
    cpe:2.3:a:libpng:libpng:1.0.7:beta16
  • cpe:2.3:a:libpng:libpng:1.2.15:beta5
    cpe:2.3:a:libpng:libpng:1.2.15:beta5
  • cpe:2.3:a:libpng:libpng:1.0.7:beta15
    cpe:2.3:a:libpng:libpng:1.0.7:beta15
  • cpe:2.3:a:libpng:libpng:1.2.15:beta4
    cpe:2.3:a:libpng:libpng:1.2.15:beta4
  • cpe:2.3:a:libpng:libpng:1.0.7:beta18
    cpe:2.3:a:libpng:libpng:1.0.7:beta18
  • cpe:2.3:a:libpng:libpng:1.2.15:rc5
    cpe:2.3:a:libpng:libpng:1.2.15:rc5
  • cpe:2.3:a:libpng:libpng:1.0.7:beta17
    cpe:2.3:a:libpng:libpng:1.0.7:beta17
  • cpe:2.3:a:libpng:libpng:1.2.15:rc4
    cpe:2.3:a:libpng:libpng:1.2.15:rc4
  • cpe:2.3:a:libpng:libpng:1.0.8:beta1
    cpe:2.3:a:libpng:libpng:1.0.8:beta1
  • cpe:2.3:a:libpng:libpng:1.2.15:rc3
    cpe:2.3:a:libpng:libpng:1.2.15:rc3
  • cpe:2.3:a:libpng:libpng:1.0.8:rc1
    cpe:2.3:a:libpng:libpng:1.0.8:rc1
  • cpe:2.3:a:libpng:libpng:1.2.15:rc2
    cpe:2.3:a:libpng:libpng:1.2.15:rc2
  • cpe:2.3:a:libpng:libpng:1.2.10:beta6
    cpe:2.3:a:libpng:libpng:1.2.10:beta6
  • cpe:2.3:a:libpng:libpng:1.2.10:beta7
    cpe:2.3:a:libpng:libpng:1.2.10:beta7
  • cpe:2.3:a:libpng:libpng:1.2.10:beta4
    cpe:2.3:a:libpng:libpng:1.2.10:beta4
  • cpe:2.3:a:libpng:libpng:1.2.10:beta5
    cpe:2.3:a:libpng:libpng:1.2.10:beta5
  • cpe:2.3:a:libpng:libpng:1.2.10:rc3
    cpe:2.3:a:libpng:libpng:1.2.10:rc3
  • cpe:2.3:a:libpng:libpng:1.2.11:beta1
    cpe:2.3:a:libpng:libpng:1.2.11:beta1
  • cpe:2.3:a:libpng:libpng:1.2.10:rc1
    cpe:2.3:a:libpng:libpng:1.2.10:rc1
  • cpe:2.3:a:libpng:libpng:1.2.10:rc2
    cpe:2.3:a:libpng:libpng:1.2.10:rc2
  • cpe:2.3:a:libpng:libpng:1.2.11:beta4
    cpe:2.3:a:libpng:libpng:1.2.11:beta4
  • cpe:2.3:a:libpng:libpng:1.2.11:rc1
    cpe:2.3:a:libpng:libpng:1.2.11:rc1
  • cpe:2.3:a:libpng:libpng:1.2.11:beta2
    cpe:2.3:a:libpng:libpng:1.2.11:beta2
  • cpe:2.3:a:libpng:libpng:1.2.11:beta3
    cpe:2.3:a:libpng:libpng:1.2.11:beta3
  • cpe:2.3:a:libpng:libpng:1.2.11:rc5
    cpe:2.3:a:libpng:libpng:1.2.11:rc5
  • cpe:2.3:a:libpng:libpng:1.2.13:beta1
    cpe:2.3:a:libpng:libpng:1.2.13:beta1
  • cpe:2.3:a:libpng:libpng:1.2.11:rc2
    cpe:2.3:a:libpng:libpng:1.2.11:rc2
  • cpe:2.3:a:libpng:libpng:1.2.11:rc3
    cpe:2.3:a:libpng:libpng:1.2.11:rc3
  • libpng 1.0.7
    cpe:2.3:a:libpng:libpng:1.0.7
  • libpng 1.0.9
    cpe:2.3:a:libpng:libpng:1.0.9
  • libpng 1.0.8
    cpe:2.3:a:libpng:libpng:1.0.8
  • cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta02-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta01-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta04-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta03-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta03
    cpe:2.3:a:libpng:libpng:1.2.23:beta03
  • cpe:2.3:a:libpng:libpng:1.2.23:beta02
    cpe:2.3:a:libpng:libpng:1.2.23:beta02
  • cpe:2.3:a:libpng:libpng:1.2.23:beta05
    cpe:2.3:a:libpng:libpng:1.2.23:beta05
  • cpe:2.3:a:libpng:libpng:1.2.23:beta04
    cpe:2.3:a:libpng:libpng:1.2.23:beta04
  • cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta03-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta02-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.24:beta01
    cpe:2.3:a:libpng:libpng:1.2.24:beta01
  • cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:rc01-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:rc01-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22
    cpe:2.3:a:libpng:libpng:1.2.23:beta05-1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23
    cpe:2.3:a:libpng:libpng:1.2.24:beta01-1.2.23
  • cpe:2.3:a:libpng:libpng:1.2.23:rc01
    cpe:2.3:a:libpng:libpng:1.2.23:rc01
  • cpe:2.3:a:libpng:libpng:1.2.21:rc2
    cpe:2.3:a:libpng:libpng:1.2.21:rc2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc3
    cpe:2.3:a:libpng:libpng:1.2.21:rc3
  • cpe:2.3:a:libpng:libpng:1.2.22:beta1
    cpe:2.3:a:libpng:libpng:1.2.22:beta1
  • cpe:2.3:a:libpng:libpng:1.2.22:beta2
    cpe:2.3:a:libpng:libpng:1.2.22:beta2
  • cpe:2.3:a:libpng:libpng:1.2.20:rc6
    cpe:2.3:a:libpng:libpng:1.2.20:rc6
  • cpe:2.3:a:libpng:libpng:1.2.21:beta1
    cpe:2.3:a:libpng:libpng:1.2.21:beta1
  • cpe:2.3:a:libpng:libpng:1.2.21:beta2
    cpe:2.3:a:libpng:libpng:1.2.21:beta2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc1
    cpe:2.3:a:libpng:libpng:1.2.21:rc1
  • cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta4-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:rc1-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:rc1
    cpe:2.3:a:libpng:libpng:1.2.22:rc1
  • cpe:2.3:a:libpng:libpng:1.2.23:beta01
    cpe:2.3:a:libpng:libpng:1.2.23:beta01
  • cpe:2.3:a:libpng:libpng:1.2.22:beta3
    cpe:2.3:a:libpng:libpng:1.2.22:beta3
  • cpe:2.3:a:libpng:libpng:1.2.22:beta4
    cpe:2.3:a:libpng:libpng:1.2.22:beta4
  • cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta2-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21
    cpe:2.3:a:libpng:libpng:1.2.22:beta3-1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.20:beta01
    cpe:2.3:a:libpng:libpng:1.2.20:beta01
  • libpng 1.2.23
    cpe:2.3:a:libpng:libpng:1.2.23
  • libpng 1.2.22
    cpe:2.3:a:libpng:libpng:1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.19:beta33
    cpe:2.3:a:libpng:libpng:1.2.19:beta33
  • cpe:2.3:a:libpng:libpng:1.2.20:rc5
    cpe:2.3:a:libpng:libpng:1.2.20:rc5
  • cpe:2.3:a:libpng:libpng:1.2.20:rc4
    cpe:2.3:a:libpng:libpng:1.2.20:rc4
  • cpe:2.3:a:libpng:libpng:1.2.20:rc3
    cpe:2.3:a:libpng:libpng:1.2.20:rc3
  • cpe:2.3:a:libpng:libpng:1.2.20:rc2
    cpe:2.3:a:libpng:libpng:1.2.20:rc2
  • cpe:2.3:a:libpng:libpng:1.2.20:rc1
    cpe:2.3:a:libpng:libpng:1.2.20:rc1
  • libpng 1.2.25
    cpe:2.3:a:libpng:libpng:1.2.25
  • cpe:2.3:a:libpng:libpng:1.2.20:beta04
    cpe:2.3:a:libpng:libpng:1.2.20:beta04
  • libpng 1.2.24
    cpe:2.3:a:libpng:libpng:1.2.24
  • cpe:2.3:a:libpng:libpng:1.2.20:beta03
    cpe:2.3:a:libpng:libpng:1.2.20:beta03
  • cpe:2.3:a:libpng:libpng:1.2.20:beta02
    cpe:2.3:a:libpng:libpng:1.2.20:beta02
  • cpe:2.3:a:libpng:libpng:1.2.19:beta23
    cpe:2.3:a:libpng:libpng:1.2.19:beta23
  • cpe:2.3:a:libpng:libpng:1.2.19:beta24
    cpe:2.3:a:libpng:libpng:1.2.19:beta24
  • libpng 1.2.2
    cpe:2.3:a:libpng:libpng:1.2.2
  • cpe:2.3:a:libpng:libpng:1.2.19:beta21
    cpe:2.3:a:libpng:libpng:1.2.19:beta21
  • cpe:2.3:a:libpng:libpng:1.2.19:beta22
    cpe:2.3:a:libpng:libpng:1.2.19:beta22
  • cpe:2.3:a:libpng:libpng:1.2.19:beta19
    cpe:2.3:a:libpng:libpng:1.2.19:beta19
  • cpe:2.3:a:libpng:libpng:1.2.19:beta20
    cpe:2.3:a:libpng:libpng:1.2.19:beta20
  • cpe:2.3:a:libpng:libpng:1.2.19:beta17
    cpe:2.3:a:libpng:libpng:1.2.19:beta17
  • cpe:2.3:a:libpng:libpng:1.2.19:beta18
    cpe:2.3:a:libpng:libpng:1.2.19:beta18
  • cpe:2.3:a:libpng:libpng:1.2.19:beta31
    cpe:2.3:a:libpng:libpng:1.2.19:beta31
  • cpe:2.3:a:libpng:libpng:1.2.19:beta32
    cpe:2.3:a:libpng:libpng:1.2.19:beta32
  • cpe:2.3:a:libpng:libpng:1.2.19:beta29
    cpe:2.3:a:libpng:libpng:1.2.19:beta29
  • cpe:2.3:a:libpng:libpng:1.2.19:beta30
    cpe:2.3:a:libpng:libpng:1.2.19:beta30
  • cpe:2.3:a:libpng:libpng:1.2.19:beta27
    cpe:2.3:a:libpng:libpng:1.2.19:beta27
  • cpe:2.3:a:libpng:libpng:1.2.19:beta28
    cpe:2.3:a:libpng:libpng:1.2.19:beta28
  • cpe:2.3:a:libpng:libpng:1.2.19:beta25
    cpe:2.3:a:libpng:libpng:1.2.19:beta25
  • cpe:2.3:a:libpng:libpng:1.2.19:beta26
    cpe:2.3:a:libpng:libpng:1.2.19:beta26
  • cpe:2.3:a:libpng:libpng:1.2.19:beta2
    cpe:2.3:a:libpng:libpng:1.2.19:beta2
  • cpe:2.3:a:libpng:libpng:1.2.19:beta1
    cpe:2.3:a:libpng:libpng:1.2.19:beta1
  • cpe:2.3:a:libpng:libpng:1.2.19:beta4
    cpe:2.3:a:libpng:libpng:1.2.19:beta4
  • cpe:2.3:a:libpng:libpng:1.2.19:beta3
    cpe:2.3:a:libpng:libpng:1.2.19:beta3
  • cpe:2.3:a:libpng:libpng:1.2.19:beta6
    cpe:2.3:a:libpng:libpng:1.2.19:beta6
  • cpe:2.3:a:libpng:libpng:1.2.19:beta5
    cpe:2.3:a:libpng:libpng:1.2.19:beta5
  • cpe:2.3:a:libpng:libpng:1.2.19:beta8
    cpe:2.3:a:libpng:libpng:1.2.19:beta8
  • cpe:2.3:a:libpng:libpng:1.2.19:beta7
    cpe:2.3:a:libpng:libpng:1.2.19:beta7
  • cpe:2.3:a:libpng:libpng:1.2.19:beta10
    cpe:2.3:a:libpng:libpng:1.2.19:beta10
  • cpe:2.3:a:libpng:libpng:1.2.19:beta9
    cpe:2.3:a:libpng:libpng:1.2.19:beta9
  • cpe:2.3:a:libpng:libpng:1.2.19:beta12
    cpe:2.3:a:libpng:libpng:1.2.19:beta12
  • cpe:2.3:a:libpng:libpng:1.2.19:beta11
    cpe:2.3:a:libpng:libpng:1.2.19:beta11
  • cpe:2.3:a:libpng:libpng:1.2.19:beta14
    cpe:2.3:a:libpng:libpng:1.2.19:beta14
  • cpe:2.3:a:libpng:libpng:1.2.19:beta13
    cpe:2.3:a:libpng:libpng:1.2.19:beta13
  • cpe:2.3:a:libpng:libpng:1.2.19:beta16
    cpe:2.3:a:libpng:libpng:1.2.19:beta16
  • cpe:2.3:a:libpng:libpng:1.2.19:beta15
    cpe:2.3:a:libpng:libpng:1.2.19:beta15
  • cpe:2.3:a:libpng:libpng:1.2.19:rc1
    cpe:2.3:a:libpng:libpng:1.2.19:rc1
  • cpe:2.3:a:libpng:libpng:1.2.19:rc2
    cpe:2.3:a:libpng:libpng:1.2.19:rc2
  • cpe:2.3:a:libpng:libpng:1.2.19:rc3
    cpe:2.3:a:libpng:libpng:1.2.19:rc3
  • cpe:2.3:a:libpng:libpng:1.2.19:rc4
    cpe:2.3:a:libpng:libpng:1.2.19:rc4
  • cpe:2.3:a:libpng:libpng:1.2.19:rc5
    cpe:2.3:a:libpng:libpng:1.2.19:rc5
  • cpe:2.3:a:libpng:libpng:1.2.19:rc6
    cpe:2.3:a:libpng:libpng:1.2.19:rc6
  • libpng 1.2.21
    cpe:2.3:a:libpng:libpng:1.2.21
  • libpng 1.2.20
    cpe:2.3:a:libpng:libpng:1.2.20
  • cpe:2.3:a:libpng:libpng:1.2.2:rc1
    cpe:2.3:a:libpng:libpng:1.2.2:rc1
  • cpe:2.3:a:libpng:libpng:1.2.2:beta1
    cpe:2.3:a:libpng:libpng:1.2.2:beta1
  • cpe:2.3:a:libpng:libpng:1.2.2:beta2
    cpe:2.3:a:libpng:libpng:1.2.2:beta2
  • cpe:2.3:a:libpng:libpng:1.2.2:beta5
    cpe:2.3:a:libpng:libpng:1.2.2:beta5
  • cpe:2.3:a:libpng:libpng:1.2.2:beta6
    cpe:2.3:a:libpng:libpng:1.2.2:beta6
  • cpe:2.3:a:libpng:libpng:1.2.2:beta3
    cpe:2.3:a:libpng:libpng:1.2.2:beta3
  • cpe:2.3:a:libpng:libpng:1.2.2:beta4
    cpe:2.3:a:libpng:libpng:1.2.2:beta4
  • cpe:2.3:a:libpng:libpng:1.2.25:beta01
    cpe:2.3:a:libpng:libpng:1.2.25:beta01
  • cpe:2.3:a:libpng:libpng:1.2.24:rc01
    cpe:2.3:a:libpng:libpng:1.2.24:rc01
  • cpe:2.3:a:libpng:libpng:1.2.24:beta03
    cpe:2.3:a:libpng:libpng:1.2.24:beta03
  • cpe:2.3:a:libpng:libpng:1.2.24:beta02
    cpe:2.3:a:libpng:libpng:1.2.24:beta02
  • cpe:2.3:a:libpng:libpng:1.2.25:beta03
    cpe:2.3:a:libpng:libpng:1.2.25:beta03
  • cpe:2.3:a:libpng:libpng:1.2.25:beta02
    cpe:2.3:a:libpng:libpng:1.2.25:beta02
  • cpe:2.3:a:libpng:libpng:1.2.38:rc2
    cpe:2.3:a:libpng:libpng:1.2.38:rc2
  • cpe:2.3:a:libpng:libpng:1.2.38:rc1
    cpe:2.3:a:libpng:libpng:1.2.38:rc1
  • cpe:2.3:a:libpng:libpng:1.2.37:rc1
    cpe:2.3:a:libpng:libpng:1.2.37:rc1
  • cpe:2.3:a:libpng:libpng:1.2.38:rc3
    cpe:2.3:a:libpng:libpng:1.2.38:rc3
  • cpe:2.3:a:libpng:libpng:1.2.39:beta5
    cpe:2.3:a:libpng:libpng:1.2.39:beta5
  • cpe:2.3:a:libpng:libpng:1.2.39:beta4
    cpe:2.3:a:libpng:libpng:1.2.39:beta4
  • cpe:2.3:a:libpng:libpng:1.2.38:beta1
    cpe:2.3:a:libpng:libpng:1.2.38:beta1
  • cpe:2.3:a:libpng:libpng:1.2.39:rc1
    cpe:2.3:a:libpng:libpng:1.2.39:rc1
  • libpng 1.2.41
    cpe:2.3:a:libpng:libpng:1.2.41
  • libpng 1.2.42
    cpe:2.3:a:libpng:libpng:1.2.42
  • libpng 1.2.39
    cpe:2.3:a:libpng:libpng:1.2.39
  • libpng 1.2.40
    cpe:2.3:a:libpng:libpng:1.2.40
  • cpe:2.3:a:libpng:libpng:1.2.37:beta2
    cpe:2.3:a:libpng:libpng:1.2.37:beta2
  • cpe:2.3:a:libpng:libpng:1.2.37:beta1
    cpe:2.3:a:libpng:libpng:1.2.37:beta1
  • cpe:2.3:a:libpng:libpng:1.2.37:beta3
    cpe:2.3:a:libpng:libpng:1.2.37:beta3
  • libpng 1.2.38
    cpe:2.3:a:libpng:libpng:1.2.38
  • libpng 1.2.37
    cpe:2.3:a:libpng:libpng:1.2.37
  • libpng 1.2.34
    cpe:2.3:a:libpng:libpng:1.2.34
  • libpng 1.2.26
    cpe:2.3:a:libpng:libpng:1.2.26
  • libpng 1.2.3
    cpe:2.3:a:libpng:libpng:1.2.3
  • libpng 1.2.4
    cpe:2.3:a:libpng:libpng:1.2.4
  • libpng 1.2.5
    cpe:2.3:a:libpng:libpng:1.2.5
  • libpng 1.2.6
    cpe:2.3:a:libpng:libpng:1.2.6
  • cpe:2.3:a:libpng:libpng:1.2.41:beta17
    cpe:2.3:a:libpng:libpng:1.2.41:beta17
  • libpng 1.2.29
    cpe:2.3:a:libpng:libpng:1.2.29
  • cpe:2.3:a:libpng:libpng:1.2.41:beta16
    cpe:2.3:a:libpng:libpng:1.2.41:beta16
  • libpng 1.2.28
    cpe:2.3:a:libpng:libpng:1.2.28
  • cpe:2.3:a:libpng:libpng:1.2.41:beta14
    cpe:2.3:a:libpng:libpng:1.2.41:beta14
  • libpng 1.2.31
    cpe:2.3:a:libpng:libpng:1.2.31
  • cpe:2.3:a:libpng:libpng:1.2.41:beta13
    cpe:2.3:a:libpng:libpng:1.2.41:beta13
  • libpng 1.2.30
    cpe:2.3:a:libpng:libpng:1.2.30
  • cpe:2.3:a:libpng:libpng:1.2.41:rc3
    cpe:2.3:a:libpng:libpng:1.2.41:rc3
  • libpng 1.2.33
    cpe:2.3:a:libpng:libpng:1.2.33
  • cpe:2.3:a:libpng:libpng:1.2.41:rc2
    cpe:2.3:a:libpng:libpng:1.2.41:rc2
  • libpng 1.2.32
    cpe:2.3:a:libpng:libpng:1.2.32
  • cpe:2.3:a:libpng:libpng:1.2.41:rc1
    cpe:2.3:a:libpng:libpng:1.2.41:rc1
  • cpe:2.3:a:libpng:libpng:1.2.41:beta18
    cpe:2.3:a:libpng:libpng:1.2.41:beta18
  • cpe:2.3:a:libpng:libpng:1.2.6:rc2
    cpe:2.3:a:libpng:libpng:1.2.6:rc2
  • cpe:2.3:a:libpng:libpng:1.2.41:beta7
    cpe:2.3:a:libpng:libpng:1.2.41:beta7
  • cpe:2.3:a:libpng:libpng:1.2.6:rc3
    cpe:2.3:a:libpng:libpng:1.2.6:rc3
  • cpe:2.3:a:libpng:libpng:1.2.41:beta6
    cpe:2.3:a:libpng:libpng:1.2.41:beta6
  • cpe:2.3:a:libpng:libpng:1.2.6:rc4
    cpe:2.3:a:libpng:libpng:1.2.6:rc4
  • cpe:2.3:a:libpng:libpng:1.2.41:beta5
    cpe:2.3:a:libpng:libpng:1.2.41:beta5
  • cpe:2.3:a:libpng:libpng:1.2.41:beta4
    cpe:2.3:a:libpng:libpng:1.2.41:beta4
  • cpe:2.3:a:libpng:libpng:1.2.41:beta12
    cpe:2.3:a:libpng:libpng:1.2.41:beta12
  • cpe:2.3:a:libpng:libpng:1.2.41:beta11
    cpe:2.3:a:libpng:libpng:1.2.41:beta11
  • cpe:2.3:a:libpng:libpng:1.2.41:beta9
    cpe:2.3:a:libpng:libpng:1.2.41:beta9
  • libpng 1.2.27
    cpe:2.3:a:libpng:libpng:1.2.27
  • cpe:2.3:a:libpng:libpng:1.2.41:beta8
    cpe:2.3:a:libpng:libpng:1.2.41:beta8
  • cpe:2.3:a:libpng:libpng:1.2.5:rc2
    cpe:2.3:a:libpng:libpng:1.2.5:rc2
  • cpe:2.3:a:libpng:libpng:1.2.42:rc3
    cpe:2.3:a:libpng:libpng:1.2.42:rc3
  • cpe:2.3:a:libpng:libpng:1.2.5:rc1
    cpe:2.3:a:libpng:libpng:1.2.5:rc1
  • cpe:2.3:a:libpng:libpng:1.2.42:rc4
    cpe:2.3:a:libpng:libpng:1.2.42:rc4
  • cpe:2.3:a:libpng:libpng:1.2.6:beta1
    cpe:2.3:a:libpng:libpng:1.2.6:beta1
  • cpe:2.3:a:libpng:libpng:1.2.42:rc1
    cpe:2.3:a:libpng:libpng:1.2.42:rc1
  • cpe:2.3:a:libpng:libpng:1.2.5:rc3
    cpe:2.3:a:libpng:libpng:1.2.5:rc3
  • cpe:2.3:a:libpng:libpng:1.2.42:rc2
    cpe:2.3:a:libpng:libpng:1.2.42:rc2
  • cpe:2.3:a:libpng:libpng:1.2.6:beta3
    cpe:2.3:a:libpng:libpng:1.2.6:beta3
  • cpe:2.3:a:libpng:libpng:1.2.41:beta2
    cpe:2.3:a:libpng:libpng:1.2.41:beta2
  • cpe:2.3:a:libpng:libpng:1.2.6:beta2
    cpe:2.3:a:libpng:libpng:1.2.6:beta2
  • cpe:2.3:a:libpng:libpng:1.2.41:beta3
    cpe:2.3:a:libpng:libpng:1.2.41:beta3
  • cpe:2.3:a:libpng:libpng:1.2.6:rc1
    cpe:2.3:a:libpng:libpng:1.2.6:rc1
  • cpe:2.3:a:libpng:libpng:1.2.42:rc5
    cpe:2.3:a:libpng:libpng:1.2.42:rc5
  • cpe:2.3:a:libpng:libpng:1.2.6:beta4
    cpe:2.3:a:libpng:libpng:1.2.6:beta4
  • cpe:2.3:a:libpng:libpng:1.2.41:beta1
    cpe:2.3:a:libpng:libpng:1.2.41:beta1
  • cpe:2.3:a:libpng:libpng:1.2.4:beta1
    cpe:2.3:a:libpng:libpng:1.2.4:beta1
  • cpe:2.3:a:libpng:libpng:1.2.4:beta3
    cpe:2.3:a:libpng:libpng:1.2.4:beta3
  • cpe:2.3:a:libpng:libpng:1.2.4:beta2
    cpe:2.3:a:libpng:libpng:1.2.4:beta2
  • cpe:2.3:a:libpng:libpng:1.2.5:beta1
    cpe:2.3:a:libpng:libpng:1.2.5:beta1
  • cpe:2.3:a:libpng:libpng:1.2.42:beta1
    cpe:2.3:a:libpng:libpng:1.2.42:beta1
  • cpe:2.3:a:libpng:libpng:1.2.42:beta2
    cpe:2.3:a:libpng:libpng:1.2.42:beta2
  • cpe:2.3:a:libpng:libpng:1.2.4:rc1
    cpe:2.3:a:libpng:libpng:1.2.4:rc1
  • cpe:2.3:a:libpng:libpng:1.2.5:beta3
    cpe:2.3:a:libpng:libpng:1.2.5:beta3
  • cpe:2.3:a:libpng:libpng:1.2.5:beta2
    cpe:2.3:a:libpng:libpng:1.2.5:beta2
  • cpe:2.3:a:libpng:libpng:1.2.3:rc2
    cpe:2.3:a:libpng:libpng:1.2.3:rc2
  • cpe:2.3:a:libpng:libpng:1.2.3:rc3
    cpe:2.3:a:libpng:libpng:1.2.3:rc3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc1
    cpe:2.3:a:libpng:libpng:1.2.3:rc1
  • cpe:2.3:a:libpng:libpng:1.2.39:beta1
    cpe:2.3:a:libpng:libpng:1.2.39:beta1
  • cpe:2.3:a:libpng:libpng:1.2.3:rc6
    cpe:2.3:a:libpng:libpng:1.2.3:rc6
  • cpe:2.3:a:libpng:libpng:1.2.39:beta3
    cpe:2.3:a:libpng:libpng:1.2.39:beta3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc4
    cpe:2.3:a:libpng:libpng:1.2.3:rc4
  • cpe:2.3:a:libpng:libpng:1.2.39:beta2
    cpe:2.3:a:libpng:libpng:1.2.39:beta2
  • cpe:2.3:a:libpng:libpng:1.2.3:rc5
    cpe:2.3:a:libpng:libpng:1.2.3:rc5
  • cpe:2.3:a:libpng:libpng:1.2.26:beta06
    cpe:2.3:a:libpng:libpng:1.2.26:beta06
  • cpe:2.3:a:libpng:libpng:1.2.26:rc01
    cpe:2.3:a:libpng:libpng:1.2.26:rc01
  • cpe:2.3:a:libpng:libpng:1.2.26:beta01
    cpe:2.3:a:libpng:libpng:1.2.26:beta01
  • cpe:2.3:a:libpng:libpng:1.2.25:rc02
    cpe:2.3:a:libpng:libpng:1.2.25:rc02
  • cpe:2.3:a:libpng:libpng:1.2.25:rc01
    cpe:2.3:a:libpng:libpng:1.2.25:rc01
  • cpe:2.3:a:libpng:libpng:1.2.25:beta06
    cpe:2.3:a:libpng:libpng:1.2.25:beta06
  • cpe:2.3:a:libpng:libpng:1.2.26:beta05
    cpe:2.3:a:libpng:libpng:1.2.26:beta05
  • cpe:2.3:a:libpng:libpng:1.2.26:beta04
    cpe:2.3:a:libpng:libpng:1.2.26:beta04
  • cpe:2.3:a:libpng:libpng:1.2.26:beta03
    cpe:2.3:a:libpng:libpng:1.2.26:beta03
  • cpe:2.3:a:libpng:libpng:1.2.26:beta02
    cpe:2.3:a:libpng:libpng:1.2.26:beta02
  • cpe:2.3:a:libpng:libpng:1.2.40:beta1
    cpe:2.3:a:libpng:libpng:1.2.40:beta1
  • cpe:2.3:a:libpng:libpng:1.2.40:rc1
    cpe:2.3:a:libpng:libpng:1.2.40:rc1
  • libpng 1.2.35
    cpe:2.3:a:libpng:libpng:1.2.35
  • libpng 1.2.36
    cpe:2.3:a:libpng:libpng:1.2.36
  • cpe:2.3:a:libpng:libpng:1.2.25:beta05
    cpe:2.3:a:libpng:libpng:1.2.25:beta05
  • cpe:2.3:a:libpng:libpng:1.2.25:beta04
    cpe:2.3:a:libpng:libpng:1.2.25:beta04
  • libpng 1.0.43
    cpe:2.3:a:libpng:libpng:1.0.43
  • libpng 1.2.43
    cpe:2.3:a:libpng:libpng:1.2.43
  • libpng 1.2.9
    cpe:2.3:a:libpng:libpng:1.2.9
  • libpng 1.2.7
    cpe:2.3:a:libpng:libpng:1.2.7
  • libpng 1.2.8
    cpe:2.3:a:libpng:libpng:1.2.8
  • cpe:2.3:a:libpng:libpng:1.2.9:beta10
    cpe:2.3:a:libpng:libpng:1.2.9:beta10
  • cpe:2.3:a:libpng:libpng:1.2.9:beta9
    cpe:2.3:a:libpng:libpng:1.2.9:beta9
  • cpe:2.3:a:libpng:libpng:1.2.9:beta8
    cpe:2.3:a:libpng:libpng:1.2.9:beta8
  • cpe:2.3:a:libpng:libpng:1.2.9:beta7
    cpe:2.3:a:libpng:libpng:1.2.9:beta7
  • cpe:2.3:a:libpng:libpng:1.2.9:beta6
    cpe:2.3:a:libpng:libpng:1.2.9:beta6
  • cpe:2.3:a:libpng:libpng:1.2.9:beta5
    cpe:2.3:a:libpng:libpng:1.2.9:beta5
  • cpe:2.3:a:libpng:libpng:1.2.9:beta4
    cpe:2.3:a:libpng:libpng:1.2.9:beta4
  • cpe:2.3:a:libpng:libpng:1.2.9:beta3
    cpe:2.3:a:libpng:libpng:1.2.9:beta3
  • cpe:2.3:a:libpng:libpng:1.2.9:beta2
    cpe:2.3:a:libpng:libpng:1.2.9:beta2
  • cpe:2.3:a:libpng:libpng:1.2.9:beta1
    cpe:2.3:a:libpng:libpng:1.2.9:beta1
  • cpe:2.3:a:libpng:libpng:1.2.9:rc1
    cpe:2.3:a:libpng:libpng:1.2.9:rc1
  • cpe:2.3:a:libpng:libpng:1.2.8:beta3
    cpe:2.3:a:libpng:libpng:1.2.8:beta3
  • cpe:2.3:a:libpng:libpng:1.2.8:beta4
    cpe:2.3:a:libpng:libpng:1.2.8:beta4
  • cpe:2.3:a:libpng:libpng:1.2.8:beta5
    cpe:2.3:a:libpng:libpng:1.2.8:beta5
  • cpe:2.3:a:libpng:libpng:1.2.8:rc1
    cpe:2.3:a:libpng:libpng:1.2.8:rc1
  • cpe:2.3:a:libpng:libpng:1.2.8:rc2
    cpe:2.3:a:libpng:libpng:1.2.8:rc2
  • cpe:2.3:a:libpng:libpng:1.2.8:rc3
    cpe:2.3:a:libpng:libpng:1.2.8:rc3
  • cpe:2.3:a:libpng:libpng:1.2.8:rc4
    cpe:2.3:a:libpng:libpng:1.2.8:rc4
  • cpe:2.3:a:libpng:libpng:1.2.8:rc5
    cpe:2.3:a:libpng:libpng:1.2.8:rc5
  • cpe:2.3:a:libpng:libpng:1.2.6:rc5
    cpe:2.3:a:libpng:libpng:1.2.6:rc5
  • cpe:2.3:a:libpng:libpng:1.2.7:beta1
    cpe:2.3:a:libpng:libpng:1.2.7:beta1
  • cpe:2.3:a:libpng:libpng:1.2.7:beta2
    cpe:2.3:a:libpng:libpng:1.2.7:beta2
  • cpe:2.3:a:libpng:libpng:1.2.8:beta1
    cpe:2.3:a:libpng:libpng:1.2.8:beta1
  • cpe:2.3:a:libpng:libpng:1.2.8:beta2
    cpe:2.3:a:libpng:libpng:1.2.8:beta2
  • cpe:2.3:a:libpng:libpng:1.4:beta1
    cpe:2.3:a:libpng:libpng:1.4:beta1
  • cpe:2.3:a:libpng:libpng:1.4:beta2
    cpe:2.3:a:libpng:libpng:1.4:beta2
  • cpe:2.3:a:libpng:libpng:1.4:beta3
    cpe:2.3:a:libpng:libpng:1.4:beta3
  • cpe:2.3:a:libpng:libpng:1.4:beta4
    cpe:2.3:a:libpng:libpng:1.4:beta4
  • cpe:2.3:a:libpng:libpng:1.4:beta5
    cpe:2.3:a:libpng:libpng:1.4:beta5
  • cpe:2.3:a:libpng:libpng:1.4:beta7
    cpe:2.3:a:libpng:libpng:1.4:beta7
  • cpe:2.3:a:libpng:libpng:1.4:beta6
    cpe:2.3:a:libpng:libpng:1.4:beta6
  • cpe:2.3:a:libpng:libpng:1.4:beta9
    cpe:2.3:a:libpng:libpng:1.4:beta9
  • cpe:2.3:a:libpng:libpng:1.4:beta8
    cpe:2.3:a:libpng:libpng:1.4:beta8
  • cpe:2.3:a:libpng:libpng:1.4:beta11
    cpe:2.3:a:libpng:libpng:1.4:beta11
  • cpe:2.3:a:libpng:libpng:1.4:beta10
    cpe:2.3:a:libpng:libpng:1.4:beta10
  • cpe:2.3:a:libpng:libpng:1.4:beta12
    cpe:2.3:a:libpng:libpng:1.4:beta12
  • cpe:2.3:a:libpng:libpng:1.4:beta14
    cpe:2.3:a:libpng:libpng:1.4:beta14
  • cpe:2.3:a:libpng:libpng:1.4:beta13
    cpe:2.3:a:libpng:libpng:1.4:beta13
  • cpe:2.3:a:libpng:libpng:1.4:beta16
    cpe:2.3:a:libpng:libpng:1.4:beta16
  • cpe:2.3:a:libpng:libpng:1.4:beta15
    cpe:2.3:a:libpng:libpng:1.4:beta15
  • cpe:2.3:a:libpng:libpng:1.4:beta18
    cpe:2.3:a:libpng:libpng:1.4:beta18
  • cpe:2.3:a:libpng:libpng:1.4:beta17
    cpe:2.3:a:libpng:libpng:1.4:beta17
  • cpe:2.3:a:libpng:libpng:1.4
    cpe:2.3:a:libpng:libpng:1.4
  • cpe:2.3:a:libpng:libpng:1.4:beta19
    cpe:2.3:a:libpng:libpng:1.4:beta19
  • cpe:2.3:a:libpng:libpng:1.4:beta23
    cpe:2.3:a:libpng:libpng:1.4:beta23
  • cpe:2.3:a:libpng:libpng:1.4:beta22
    cpe:2.3:a:libpng:libpng:1.4:beta22
  • cpe:2.3:a:libpng:libpng:1.4.0:beta36
    cpe:2.3:a:libpng:libpng:1.4.0:beta36
  • cpe:2.3:a:libpng:libpng:1.4:beta24
    cpe:2.3:a:libpng:libpng:1.4:beta24
  • cpe:2.3:a:libpng:libpng:1.4:beta25
    cpe:2.3:a:libpng:libpng:1.4:beta25
  • cpe:2.3:a:libpng:libpng:1.4:beta20
    cpe:2.3:a:libpng:libpng:1.4:beta20
  • cpe:2.3:a:libpng:libpng:1.4:beta31
    cpe:2.3:a:libpng:libpng:1.4:beta31
  • cpe:2.3:a:libpng:libpng:1.4:beta30
    cpe:2.3:a:libpng:libpng:1.4:beta30
  • cpe:2.3:a:libpng:libpng:1.4:beta33
    cpe:2.3:a:libpng:libpng:1.4:beta33
  • cpe:2.3:a:libpng:libpng:1.4:beta27
    cpe:2.3:a:libpng:libpng:1.4:beta27
  • cpe:2.3:a:libpng:libpng:1.4:beta26
    cpe:2.3:a:libpng:libpng:1.4:beta26
  • cpe:2.3:a:libpng:libpng:1.4:beta28
    cpe:2.3:a:libpng:libpng:1.4:beta28
  • cpe:2.3:a:libpng:libpng:1.4:beta29
    cpe:2.3:a:libpng:libpng:1.4:beta29
  • cpe:2.3:a:libpng:libpng:1.4.1:rc01
    cpe:2.3:a:libpng:libpng:1.4.1:rc01
  • cpe:2.3:a:libpng:libpng:1.4.1:rc02
    cpe:2.3:a:libpng:libpng:1.4.1:rc02
  • cpe:2.3:a:libpng:libpng:1.4.1:r03
    cpe:2.3:a:libpng:libpng:1.4.1:r03
  • cpe:2.3:a:libpng:libpng:1.4.1:rc04
    cpe:2.3:a:libpng:libpng:1.4.1:rc04
  • cpe:2.3:a:libpng:libpng:1.4.1:beta01
    cpe:2.3:a:libpng:libpng:1.4.1:beta01
  • cpe:2.3:a:libpng:libpng:1.4.1:beta02
    cpe:2.3:a:libpng:libpng:1.4.1:beta02
  • cpe:2.3:a:libpng:libpng:1.4.1:beta03
    cpe:2.3:a:libpng:libpng:1.4.1:beta03
  • cpe:2.3:a:libpng:libpng:1.4.1:beta04
    cpe:2.3:a:libpng:libpng:1.4.1:beta04
  • cpe:2.3:a:libpng:libpng:1.4.1:beta05
    cpe:2.3:a:libpng:libpng:1.4.1:beta05
  • cpe:2.3:a:libpng:libpng:1.4.1:beta06
    cpe:2.3:a:libpng:libpng:1.4.1:beta06
  • cpe:2.3:a:libpng:libpng:1.4.1:beta07
    cpe:2.3:a:libpng:libpng:1.4.1:beta07
  • cpe:2.3:a:libpng:libpng:1.4.1:beta08
    cpe:2.3:a:libpng:libpng:1.4.1:beta08
  • cpe:2.3:a:libpng:libpng:1.4.1:beta09
    cpe:2.3:a:libpng:libpng:1.4.1:beta09
  • cpe:2.3:a:libpng:libpng:1.4.1:beta10
    cpe:2.3:a:libpng:libpng:1.4.1:beta10
  • cpe:2.3:a:libpng:libpng:1.4.1:beta11
    cpe:2.3:a:libpng:libpng:1.4.1:beta11
  • cpe:2.3:a:libpng:libpng:1.4.1:beta12
    cpe:2.3:a:libpng:libpng:1.4.1:beta12
  • libpng 1.4.1
    cpe:2.3:a:libpng:libpng:1.4.1
  • cpe:2.3:a:libpng:libpng:1.4.2:rc01
    cpe:2.3:a:libpng:libpng:1.4.2:rc01
  • cpe:2.3:a:libpng:libpng:1.4.2:rc02
    cpe:2.3:a:libpng:libpng:1.4.2:rc02
  • cpe:2.3:a:libpng:libpng:1.4.2:rc03
    cpe:2.3:a:libpng:libpng:1.4.2:rc03
  • cpe:2.3:a:libpng:libpng:1.4.2:rc04
    cpe:2.3:a:libpng:libpng:1.4.2:rc04
  • cpe:2.3:a:libpng:libpng:1.4.2:rc05
    cpe:2.3:a:libpng:libpng:1.4.2:rc05
  • cpe:2.3:a:libpng:libpng:1.4.2:rc06
    cpe:2.3:a:libpng:libpng:1.4.2:rc06
  • cpe:2.3:a:libpng:libpng:1.4.2:beta1
    cpe:2.3:a:libpng:libpng:1.4.2:beta1
  • libpng 1.4.2
    cpe:2.3:a:libpng:libpng:1.4.2
  • cpe:2.3:a:libpng:libpng:1.4.0:rc01
    cpe:2.3:a:libpng:libpng:1.4.0:rc01
  • cpe:2.3:a:libpng:libpng:1.4.0:rc02
    cpe:2.3:a:libpng:libpng:1.4.0:rc02
  • cpe:2.3:a:libpng:libpng:1.4.0:rc03
    cpe:2.3:a:libpng:libpng:1.4.0:rc03
  • cpe:2.3:a:libpng:libpng:1.4.0:rc04
    cpe:2.3:a:libpng:libpng:1.4.0:rc04
  • cpe:2.3:a:libpng:libpng:1.4.0:rc05
    cpe:2.3:a:libpng:libpng:1.4.0:rc05
  • cpe:2.3:a:libpng:libpng:1.4.0:rc06
    cpe:2.3:a:libpng:libpng:1.4.0:rc06
  • cpe:2.3:a:libpng:libpng:1.4.0:rc07
    cpe:2.3:a:libpng:libpng:1.4.0:rc07
  • cpe:2.3:a:libpng:libpng:1.4.0:rc08
    cpe:2.3:a:libpng:libpng:1.4.0:rc08
  • cpe:2.3:a:libpng:libpng:1.4.0:beta21
    cpe:2.3:a:libpng:libpng:1.4.0:beta21
  • cpe:2.3:a:libpng:libpng:1.4.0:beta32
    cpe:2.3:a:libpng:libpng:1.4.0:beta32
  • cpe:2.3:a:libpng:libpng:1.4.0:beta34
    cpe:2.3:a:libpng:libpng:1.4.0:beta34
  • cpe:2.3:a:libpng:libpng:1.4.0:beta35
    cpe:2.3:a:libpng:libpng:1.4.0:beta35
  • cpe:2.3:a:libpng:libpng:1.4.0:beta37
    cpe:2.3:a:libpng:libpng:1.4.0:beta37
  • cpe:2.3:a:libpng:libpng:1.4.0:beta38
    cpe:2.3:a:libpng:libpng:1.4.0:beta38
  • cpe:2.3:a:libpng:libpng:1.4.0:beta39
    cpe:2.3:a:libpng:libpng:1.4.0:beta39
  • cpe:2.3:a:libpng:libpng:1.4.0:beta40
    cpe:2.3:a:libpng:libpng:1.4.0:beta40
  • cpe:2.3:a:libpng:libpng:1.4.0:beta41
    cpe:2.3:a:libpng:libpng:1.4.0:beta41
  • cpe:2.3:a:libpng:libpng:1.4.0:beta42
    cpe:2.3:a:libpng:libpng:1.4.0:beta42
  • cpe:2.3:a:libpng:libpng:1.4.0:beta43
    cpe:2.3:a:libpng:libpng:1.4.0:beta43
  • cpe:2.3:a:libpng:libpng:1.4.0:beta44
    cpe:2.3:a:libpng:libpng:1.4.0:beta44
  • cpe:2.3:a:libpng:libpng:1.4.0:beta45
    cpe:2.3:a:libpng:libpng:1.4.0:beta45
  • cpe:2.3:a:libpng:libpng:1.4.0:beta46
    cpe:2.3:a:libpng:libpng:1.4.0:beta46
  • cpe:2.3:a:libpng:libpng:1.4.0:beta47
    cpe:2.3:a:libpng:libpng:1.4.0:beta47
  • cpe:2.3:a:libpng:libpng:1.4.0:beta48
    cpe:2.3:a:libpng:libpng:1.4.0:beta48
  • cpe:2.3:a:libpng:libpng:1.4.0:beta49
    cpe:2.3:a:libpng:libpng:1.4.0:beta49
  • cpe:2.3:a:libpng:libpng:1.4.0:beta50
    cpe:2.3:a:libpng:libpng:1.4.0:beta50
  • cpe:2.3:a:libpng:libpng:1.4.0:beta51
    cpe:2.3:a:libpng:libpng:1.4.0:beta51
  • cpe:2.3:a:libpng:libpng:1.4.0:beta52
    cpe:2.3:a:libpng:libpng:1.4.0:beta52
  • cpe:2.3:a:libpng:libpng:1.4.0:beta53
    cpe:2.3:a:libpng:libpng:1.4.0:beta53
  • cpe:2.3:a:libpng:libpng:1.4.0:beta54
    cpe:2.3:a:libpng:libpng:1.4.0:beta54
  • cpe:2.3:a:libpng:libpng:1.4.0:beta55
    cpe:2.3:a:libpng:libpng:1.4.0:beta55
  • cpe:2.3:a:libpng:libpng:1.4.0:beta56
    cpe:2.3:a:libpng:libpng:1.4.0:beta56
  • cpe:2.3:a:libpng:libpng:1.4.0:beta57
    cpe:2.3:a:libpng:libpng:1.4.0:beta57
  • cpe:2.3:a:libpng:libpng:1.4.0:beta58
    cpe:2.3:a:libpng:libpng:1.4.0:beta58
  • cpe:2.3:a:libpng:libpng:1.4.0:beta59
    cpe:2.3:a:libpng:libpng:1.4.0:beta59
  • cpe:2.3:a:libpng:libpng:1.4.0:beta60
    cpe:2.3:a:libpng:libpng:1.4.0:beta60
  • cpe:2.3:a:libpng:libpng:1.4.0:beta61
    cpe:2.3:a:libpng:libpng:1.4.0:beta61
  • cpe:2.3:a:libpng:libpng:1.4.0:beta62
    cpe:2.3:a:libpng:libpng:1.4.0:beta62
  • cpe:2.3:a:libpng:libpng:1.4.0:beta63
    cpe:2.3:a:libpng:libpng:1.4.0:beta63
  • cpe:2.3:a:libpng:libpng:1.4.0:beta64
    cpe:2.3:a:libpng:libpng:1.4.0:beta64
  • cpe:2.3:a:libpng:libpng:1.4.0:beta65
    cpe:2.3:a:libpng:libpng:1.4.0:beta65
  • cpe:2.3:a:libpng:libpng:1.4.0:beta66
    cpe:2.3:a:libpng:libpng:1.4.0:beta66
  • cpe:2.3:a:libpng:libpng:1.4.0:beta67
    cpe:2.3:a:libpng:libpng:1.4.0:beta67
  • cpe:2.3:a:libpng:libpng:1.4.0:beta68
    cpe:2.3:a:libpng:libpng:1.4.0:beta68
  • cpe:2.3:a:libpng:libpng:1.4.0:beta69
    cpe:2.3:a:libpng:libpng:1.4.0:beta69
  • cpe:2.3:a:libpng:libpng:1.4.0:beta70
    cpe:2.3:a:libpng:libpng:1.4.0:beta70
  • cpe:2.3:a:libpng:libpng:1.4.0:beta71
    cpe:2.3:a:libpng:libpng:1.4.0:beta71
  • cpe:2.3:a:libpng:libpng:1.4.0:beta72
    cpe:2.3:a:libpng:libpng:1.4.0:beta72
  • cpe:2.3:a:libpng:libpng:1.4.0:beta73
    cpe:2.3:a:libpng:libpng:1.4.0:beta73
  • cpe:2.3:a:libpng:libpng:1.4.0:beta74
    cpe:2.3:a:libpng:libpng:1.4.0:beta74
  • cpe:2.3:a:libpng:libpng:1.4.0:beta75
    cpe:2.3:a:libpng:libpng:1.4.0:beta75
  • cpe:2.3:a:libpng:libpng:1.4.0:beta76
    cpe:2.3:a:libpng:libpng:1.4.0:beta76
  • cpe:2.3:a:libpng:libpng:1.4.0:beta77
    cpe:2.3:a:libpng:libpng:1.4.0:beta77
  • cpe:2.3:a:libpng:libpng:1.4.0:beta78
    cpe:2.3:a:libpng:libpng:1.4.0:beta78
  • cpe:2.3:a:libpng:libpng:1.4.0:beta79
    cpe:2.3:a:libpng:libpng:1.4.0:beta79
  • cpe:2.3:a:libpng:libpng:1.4.0:beta80
    cpe:2.3:a:libpng:libpng:1.4.0:beta80
  • cpe:2.3:a:libpng:libpng:1.4.0:beta81
    cpe:2.3:a:libpng:libpng:1.4.0:beta81
  • cpe:2.3:a:libpng:libpng:1.4.0:beta82
    cpe:2.3:a:libpng:libpng:1.4.0:beta82
  • cpe:2.3:a:libpng:libpng:1.4.0:beta83
    cpe:2.3:a:libpng:libpng:1.4.0:beta83
  • cpe:2.3:a:libpng:libpng:1.4.0:beta84
    cpe:2.3:a:libpng:libpng:1.4.0:beta84
  • cpe:2.3:a:libpng:libpng:1.4.0:beta85
    cpe:2.3:a:libpng:libpng:1.4.0:beta85
  • cpe:2.3:a:libpng:libpng:1.4.0:beta86
    cpe:2.3:a:libpng:libpng:1.4.0:beta86
  • cpe:2.3:a:libpng:libpng:1.4.0:beta87
    cpe:2.3:a:libpng:libpng:1.4.0:beta87
  • cpe:2.3:a:libpng:libpng:1.4.0:beta88
    cpe:2.3:a:libpng:libpng:1.4.0:beta88
  • cpe:2.3:a:libpng:libpng:1.4.0:beta89
    cpe:2.3:a:libpng:libpng:1.4.0:beta89
  • cpe:2.3:a:libpng:libpng:1.4.0:beta90
    cpe:2.3:a:libpng:libpng:1.4.0:beta90
  • cpe:2.3:a:libpng:libpng:1.4.0:beta91
    cpe:2.3:a:libpng:libpng:1.4.0:beta91
  • cpe:2.3:a:libpng:libpng:1.4.0:beta92
    cpe:2.3:a:libpng:libpng:1.4.0:beta92
  • cpe:2.3:a:libpng:libpng:1.4.0:beta93
    cpe:2.3:a:libpng:libpng:1.4.0:beta93
  • cpe:2.3:a:libpng:libpng:1.4.0:beta94
    cpe:2.3:a:libpng:libpng:1.4.0:beta94
  • cpe:2.3:a:libpng:libpng:1.4.0:beta95
    cpe:2.3:a:libpng:libpng:1.4.0:beta95
  • cpe:2.3:a:libpng:libpng:1.4.0:beta96
    cpe:2.3:a:libpng:libpng:1.4.0:beta96
  • cpe:2.3:a:libpng:libpng:1.4.0:beta97
    cpe:2.3:a:libpng:libpng:1.4.0:beta97
  • cpe:2.3:a:libpng:libpng:1.4.0:beta98
    cpe:2.3:a:libpng:libpng:1.4.0:beta98
  • cpe:2.3:a:libpng:libpng:1.4.0:beta99
    cpe:2.3:a:libpng:libpng:1.4.0:beta99
  • cpe:2.3:a:libpng:libpng:1.4.0:beta100
    cpe:2.3:a:libpng:libpng:1.4.0:beta100
  • cpe:2.3:a:libpng:libpng:1.4.0:beta101
    cpe:2.3:a:libpng:libpng:1.4.0:beta101
  • cpe:2.3:a:libpng:libpng:1.4.0:beta102
    cpe:2.3:a:libpng:libpng:1.4.0:beta102
  • cpe:2.3:a:libpng:libpng:1.4.0:beta103
    cpe:2.3:a:libpng:libpng:1.4.0:beta103
  • cpe:2.3:a:libpng:libpng:1.4.0:beta104
    cpe:2.3:a:libpng:libpng:1.4.0:beta104
  • cpe:2.3:a:libpng:libpng:1.4.0:beta105
    cpe:2.3:a:libpng:libpng:1.4.0:beta105
  • cpe:2.3:a:libpng:libpng:1.4.0:beta106
    cpe:2.3:a:libpng:libpng:1.4.0:beta106
  • cpe:2.3:a:libpng:libpng:1.4.0:beta107
    cpe:2.3:a:libpng:libpng:1.4.0:beta107
  • cpe:2.3:a:libpng:libpng:1.4.0:beta108
    cpe:2.3:a:libpng:libpng:1.4.0:beta108
  • cpe:2.3:a:libpng:libpng:1.4.0:beta109
    cpe:2.3:a:libpng:libpng:1.4.0:beta109
CVSS
Base: 7.5 (as of 01-07-2010 - 10:09)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description libpng. CVE-2010-1205. Dos exploits for multiple platform
id EDB-ID:14422
last seen 2016-02-01
modified 2010-07-20
published 2010-07-20
reporter kripthor
source https://www.exploit-db.com/download/14422/
title libpng <= 1.4.2 - Denial of Service Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201010-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201010-01 (Libpng: Multiple vulnerabilities) Multiple vulnerabilities were found in libpng: The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205) A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205) A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249) Impact : An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 49771
    published 2010-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49771
    title GLSA-201010-01 : Libpng: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EDEF3F2F82CF11DFBCCE0018F3E2EB82.NASL
    description The PNG project describes the problem in an advisory : Several versions of libpng through 1.4.2 (and through 1.2.43 in the older series) contain a bug whereby progressive applications such as web browsers (or the rpng2 demo app included in libpng) could receive an extra row of image data beyond the height reported in the header, potentially leading to an out-of-bounds write to memory (depending on how the application is written) and the possibility of execution of an attacker's code with the privileges of the libpng user (including remote compromise in the case of a libpng-based browser visiting a hostile website).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47155
    published 2010-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47155
    title FreeBSD : png -- libpng decompression buffer overflow (edef3f2f-82cf-11df-bcce-0018f3e2eb82)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_5.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50548
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50548
    title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-133.NASL
    description Multiple vulnerabilities has been found and corrected in libpng : Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file (CVE-2008-6218. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row (CVE-2010-1205). Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks (CVE-2010-2249). As a precaution htmldoc has been rebuilt to link against the system libpng library for CS4 and 2008.0. Latest xulrunner and mozilla-thunderbird has been patched as a precaution for 2008.0 wheres on 2009.0 and up the the system libpng library is used instead of the bundled copy. htmldoc, xulrunner and mozilla-thunderbird packages is therefore also being provided with this advisory. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48192
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48192
    title Mandriva Linux Security Advisory : libpng (MDVSA-2010:133)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100721.NASL
    description This update brings Mozilla Thunderbird to the 3.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47868
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47868
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0534.NASL
    description From Red Hat Security Advisory 2010:0534 : Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68063
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68063
    title Oracle Linux 3 / 4 / 5 : libpng (ELSA-2010-0534)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0534.NASL
    description Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47876
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47876
    title RHEL 3 / 4 / 5 : libpng (RHSA-2010:0534)
  • NASL family Windows
    NASL id SAFARI_5_0_4.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 52613
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52613
    title Safari < 5.0.4 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-007.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 50549
    published 2010-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50549
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-007)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MOZILLATHUNDERBIRD-100721.NASL
    description This update brings Mozilla Thunderbird to the 3.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75658
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75658
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)
  • NASL family Windows
    NASL id BLACKBERRY_ES_PNG_KB27244.NASL
    description The version of BlackBerry Enterprise Server on the remote host reportedly contains multiple remote code execution vulnerabilities in its image processing library : - An unspecified error within the BlackBerry MDS Connection Service when processing PNG and TIFF images on a web page being viewed on a BlackBerry smartphone. - An unspecified error within the BlackBerry Messaging Agent when processing embedded PNG and TIFF images in an email sent to a BlackBerry smartphone. When the image processing library is used on a specially crafted PNG or TIFF image, an attacker may be able to execute arbitrary code in the context of the BlackBerry Enterprise Server login account.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 55819
    published 2011-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55819
    title BlackBerry Enterprise Server PNG and TIFF Image Processing Vulnerabilities (KB27244)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100714_LIBPNG_ON_SL3_X.NASL
    description A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60816
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60816
    title Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100720_SEAMONKEY_ON_SL3_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60820
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60820
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0534.NASL
    description Updated libpng and libpng10 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1205) A denial of service flaw was found in the way applications using the libpng library decoded PNG images that have certain, highly compressed ancillary chunks. An attacker could create a specially crafted PNG image that could cause an application using libpng to consume excessive amounts of memory and CPU time, and possibly crash. (CVE-2010-0205) A memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit. (CVE-2010-2249) A sensitive information disclosure flaw was found in the way applications using the libpng library processed 1-bit interlaced PNG images. An attacker could create a specially crafted PNG image that could cause an application using libpng to disclose uninitialized memory. (CVE-2009-2042) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47741
    published 2010-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47741
    title CentOS 3 / 4 / 5 : libpng / libpng10 (CESA-2010:0534)
  • NASL family Windows
    NASL id ITUNES_10_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52534
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52534
    title Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_10_2_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52535
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52535
    title Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_306.NASL
    description The installed version of Thunderbird is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 47783
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47783
    title Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-005.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.5 that does not have Security Update 2010-005 applied. This security update contains fixes for the following products : - ATS - CFNetwork - ClamAV - CoreGraphics - libsecurity - PHP - Samba
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 48424
    published 2010-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48424
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-005)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-958-1.NASL
    description Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-1213) Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47857
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47857
    title Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2075.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. - CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. - CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. - CVE-2010-1208 'regenrecht' discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. - CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2010-1214 'JS3' discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. - CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page. - CVE-2010-2753 'regenrecht' discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. - CVE-2010-2754 Soroush Dalili discovered an information leak in script processing.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47889
    published 2010-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47889
    title Debian DSA-2075-1 : xulrunner - several vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100720_THUNDERBIRD_ON_SL5_X.NASL
    description A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60822
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60822
    title Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0545.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 47805
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47805
    title CentOS 5 : thunderbird (CESA-2010:0545)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0547.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 47881
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47881
    title RHEL 4 / 5 : firefox (RHSA-2010:0547)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0546.NASL
    description From Red Hat Security Advisory 2010:0546 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68067
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68067
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0546)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MOZILLAFIREFOX-100727.NASL
    description This update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-38 / CVE-2010-1215: Mozilla security researcher moz_bug_r_a4 reported that when content script which is running in a chrome context accesses a content object via SJOW, the content code can gain access to an object from the chrome scope and use that object to run arbitrary JavaScript with chrome privileges. Firefox 3.5 and other Mozilla products built from Gecko 1.9.1 were not affected by this issue. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-43 / CVE-2010-1207: Mozilla developer Vladimir Vukicevic reported that a canvas element can be used to read data from another site, violating the same-origin policy. The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas element's context and deleting the associated canvas node from the DOM. MFSA 2010-44 / CVE-2010-1210: Security researcher O. Andersen reported that undefined positions within various 8 bit character encodings are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run. This could potentially contribute to XSS problems on sites which expected extra characters to be present within strings being sanitized on the server. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message. MFSA 2010-48 / CVE-2010-2755: Mozilla developer Daniel Holbert reported that the fix to the plugin parameter array crash that was fixed in Firefox 3.6.7 caused a crash showing signs of memory corruption. In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely leaving a dangling pointer that the plugin could execute, potentially calling into attacker-controlled memory.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75646
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75646
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0545.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the 'Content-Disposition: attachment' HTTP header when the 'Content-Type: multipart' HTTP header was also present. Loading remote HTTP content that allows arbitrary uploads and relies on the 'Content-Disposition: attachment' HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded. (CVE-2010-2754) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 63939
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63939
    title RHEL 5 : thunderbird (RHSA-2010:0545)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-100722.NASL
    description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla's implementation of NodeIterator has been reported which can be used to create a malicious NodeFilter to detach nodes from the DOM tree while it is being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker controlled memory. (MFSA 2010-36 / CVE-2010-1209) - An error in the code used to store the names and values of plugin parameter elements has been found. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used for allocation of a memory buffer to store the plugin parameters. Under such conditions, a buffer that is too small would be created and attacker controlled data could be written past the end of the buffer, potentially resulting in code execution. (MFSA 2010-37 / CVE-2010-1214) - An array class used to store CSS values contains an integer overflow vulnerability. A 16 bit integer used to allocate the memory for the array could overflow, resulting in too small a buffer being created. When the array is later populated with CSS values, data could be written past the end of the buffer, potentially resulting in the execution of attacker controlled memory. (MFSA 2010-39 / CVE-2010-2752) - An integer overflow vulnerability in the implementation of the XUL element's selection attribute has been found. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked as selected. When adjustSelection is then called on the bogus range, the range is deleted, leaving dangling references to the ranges. These could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. (MFSA 2010-40 / CVE-2010-2753) - A buffer overflow in Mozilla graphics code which consumes image data processed by libpng has been reported. A malformed PNG file could be created causing libpng to report an incorrect size of the image. When the dimensions of such images are underreported, the Mozilla code displaying the graphic will allocate a memory buffer to small to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. (MFSA 2010-41 / CVE-2010-1205) - The Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. (MFSA 2010-42 / CVE-2010-1213) - Two methods for spoofing the content of the location bar have been reported. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead about the correct location of the document they are currently viewing. (MFSA 2010-45 / CVE-2010-1206) - The location bar can be spoofed to look like a secure page even though the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect, but with JavaScript calling history.back() and history.forward() will result in the plaintext resource being displayed with a valid SSL/TLS badge in the location bar. (MFSA 2010-45 / CVE-2010-2751) - Data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. (MFSA 2010-46 / CVE-2010-0654) - Potentially sensitive URL parameters can be leaked across domains upon script errors when the script filename and line number is included in the error message. (MFSA 2010-47 / CVE-2010-2754)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50874
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50874
    title SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-7101.NASL
    description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. . (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. . (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla's implementation of NodeIterator has been reported which can be used to create a malicious NodeFilter to detach nodes from the DOM tree while it is being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker controlled memory. . (MFSA 2010-36 / CVE-2010-1209) - An error in the code used to store the names and values of plugin parameter elements has been found. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used for allocation of a memory buffer to store the plugin parameters. Under such conditions, a buffer that is too small would be created and attacker controlled data could be written past the end of the buffer, potentially resulting in code execution. . (MFSA 2010-37 / CVE-2010-1214) - An array class used to store CSS values contains an integer overflow vulnerability. A 16 bit integer used to allocate the memory for the array could overflow, resulting in too small a buffer being created. When the array is later populated with CSS values, data could be written past the end of the buffer, potentially resulting in the execution of attacker controlled memory. . (MFSA 2010-39 / CVE-2010-2752) - An integer overflow vulnerability in the implementation of the XUL element's selection attribute has been found. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked as selected. When adjustSelection is then called on the bogus range, the range is deleted, leaving dangling references to the ranges. These could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. . (MFSA 2010-40 / CVE-2010-2753) - A buffer overflow in Mozilla graphics code which consumes image data processed by libpng has been reported. A malformed PNG file could be created causing libpng to report an incorrect size of the image. When the dimensions of such images are underreported, the Mozilla code displaying the graphic will allocate a memory buffer to small to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. . (MFSA 2010-41 / CVE-2010-1205) - The Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. . (MFSA 2010-42 / CVE-2010-1213) - Two methods for spoofing the content of the location bar have been reported. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead about the correct location of the document they are currently viewing. . (MFSA 2010-45 / CVE-2010-1206) - The location bar can be spoofed to look like a secure page even though the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect, but with JavaScript calling history.back() and history.forward() will result in the plaintext resource being displayed with a valid SSL/TLS badge in the location bar. . (MFSA 2010-45 / CVE-2010-2751) - Data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. . (MFSA 2010-46 / CVE-2010-0654) - Potentially sensitive URL parameters can be leaked across domains upon script errors when the script filename and line number is included in the error message. . (MFSA 2010-47 / CVE-2010-2754)
    last seen 2019-02-21
    modified 2012-10-03
    plugin id 49894
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49894
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0546.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47880
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47880
    title RHEL 3 / 4 : seamonkey (RHSA-2010:0546)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10592.NASL
    description Update to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47599
    published 2010-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47599
    title Fedora 12 : libpng-1.2.44-1.fc12 (2010-10592)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11361.NASL
    description Update to new upstream Thunderbird version 3.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security /known-vulnerabilities/thunderbird30.html#thunderbird3.0.5 http://www.mozilla.org/security/known- vulnerabilities/thunderbird30.html#thunderbird3.0.6 Update also includes sunbird package rebuilt against new version of Thunderbird. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 47810
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47810
    title Fedora 12 : sunbird-1.0-0.23.20090916hg.fc12 / thunderbird-3.0.6-1.fc12 (2010-11361)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-7144.NASL
    description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 49882
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49882
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 7144)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-180-01.NASL
    description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 47562
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47562
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2010-180-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10793.NASL
    description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47837
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47837
    title Fedora 13 : mingw32-libpng-1.2.44-1.fc13 (2010-10793)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBPNG-DEVEL-100901.NASL
    description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49192
    published 2010-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49192
    title openSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-5.NASL
    description USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 47825
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47825
    title Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11379.NASL
    description Update to new upstream Thunderbird version 3.1.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/announce/ Update also includes sunbird package rebuilt against new version of Thunderbird. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47813
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47813
    title Fedora 13 : sunbird-1.0-0.26.b2pre.fc13 / thunderbird-3.1.1-1.fc13 (2010-11379)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11345.NASL
    description Update to new upstream Firefox version 3.6.7, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox36.html#firefox3.6.7 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1212 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47809
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47809
    title Fedora 13 : firefox-3.6.7-1.fc13 / galeon-2.0.7-30.fc13 / gnome-python2-extras-2.25.3-20.fc13 / etc (2010-11345)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0546.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 48342
    published 2010-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48342
    title CentOS 3 : seamonkey (CESA-2010:0546)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10833.NASL
    description This update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47772
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47772
    title Fedora 12 : libpng10-1.0.54-1.fc12 (2010-10833)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10776.NASL
    description - Update to 1.2.44 - Fixes CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47836
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47836
    title Fedora 12 : mingw32-libpng-1.2.44-1.fc12 (2010-10776)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100720_FIREFOX_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60818
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60818
    title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-930-4.NASL
    description USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754) If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47824
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47824
    title Ubuntu 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-930-4)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8C2EA875949911DF8E32000F20797EDE.NASL
    description The Mozilla Project reports : MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability MFSA 2010-38 Arbitrary code execution using SJOW and fast native function MFSA 2010-39 nsCSSValue::Array index integer overflow MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability MFSA 2010-41 Remote code execution using malformed PNG image MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts MFSA 2010-43 Same-origin bypass using canvas context MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish MFSA 2010-45 Multiple location bar spoofing vulnerabilities MFSA 2010-46 Cross-domain data theft using CSS MFSA 2010-47 Cross-origin data leakage from script filename in error messages
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 47794
    published 2010-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47794
    title FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_311.NASL
    description The installed version of Thunderbird is earlier than 3.1.1. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - It may be possible to run arbitrary JavaScript with chrome privileges using SJOW and fast native function. (MFSA 2010-38) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - The canvas element can be used to read data from another site leading to a same-origin bypass vulnerability. (MFSA 2010-43) - Characters mapped to U+FFFD in 8 bit encodings could cause subsequent characters to disappear, potentially contributing to cross-site scripting issues on certain websites. (MFSA 2010-44) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 47784
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47784
    title Mozilla Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-957-1.NASL
    description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47826
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47826
    title Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-957-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-100722.NASL
    description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47907
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47907
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10823.NASL
    description This update addresses two security issues: * CVE-2010-1205, in which a buffer overflow might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. * CVE-2010-2249, in which a memory leak allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47771
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47771
    title Fedora 13 : libpng10-1.0.54-1.fc13 (2010-10823)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_SEAMONKEY-100721.NASL
    description This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47854
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47854
    title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MOZILLA-XULRUNNER191-100722.NASL
    description This update brings Mozilla XULRunner to the 1.9.1.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75669
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75669
    title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0547.NASL
    description From Red Hat Security Advisory 2010:0547 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68068
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68068
    title Oracle Linux 4 / 5 : firefox (ELSA-2010-0547)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0547.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47806
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47806
    title CentOS 4 / 5 : firefox (CESA-2010:0547)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-957-2.NASL
    description USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755) This update fixes the problem. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 47856
    published 2010-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47856
    title Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-957-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12642.NASL
    description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205, CVE-2010-2249)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 49191
    published 2010-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49191
    title SuSE9 Security Update : libpng (YOU Patch Number 12642)
  • NASL family Windows
    NASL id SEAMONKEY_206.NASL
    description The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla's 'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36) - An error in the code to store the names and values of plugin parameters could lead arbitrary code execution. (MFSA 2010-37) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - Multiple location bar spoofing vulnerabilities exist. (MFSA 2010-45) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 47785
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47785
    title SeaMonkey < 2.0.6 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11363.NASL
    description Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47811
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47811
    title Fedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3511.NASL
    description The installed version of Firefox is earlier than 3.5.11. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla's 'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36) - An error in the code to store the names and values of plugin parameters could lead arbitrary code execution. (MFSA 2010-37) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - Multiple location bar spoofing vulnerabilities exist. (MFSA 2010-45) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 47781
    published 2010-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47781
    title Firefox < 3.5.11 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11327.NASL
    description Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47807
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47807
    title Fedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-10557.NASL
    description Update to libpng 1.2.44, includes fixes for CVE-2010-1205 and CVE-2010-2249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47587
    published 2010-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47587
    title Fedora 13 : libpng-1.2.44-1.fc13 (2010-10557)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBPNG-DEVEL-100901.NASL
    description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files (CVE-2010-1205, CVE-2010-2249).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 49193
    published 2010-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49193
    title openSUSE Security Update : libpng-devel (openSUSE-SU-2010:0594-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPNG-DEVEL-100901.NASL
    description Specially crafted png files could cause crashes or even execution of arbitrary code in applications using libpng to process such files. (CVE-2010-1205 / CVE-2010-2249)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 50941
    published 2010-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50941
    title SuSE 11 / 11.1 Security Update : libpng (SAT Patch Numbers 3045 / 3046)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-960-1.NASL
    description It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47695
    published 2010-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47695
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libpng vulnerabilities (USN-960-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2072.NASL
    description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1205 It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. - CVE-2010-2249 It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47767
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47767
    title Debian DSA-2072-1 : libpng - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-11375.NASL
    description Update to new upstream Firefox version 3.5.11, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.11 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 47812
    published 2010-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47812
    title Fedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-100722.NASL
    description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47906
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47906
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_SEAMONKEY-100721.NASL
    description This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. MFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory. MFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory. MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer. MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory. MFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites. MFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing. MFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API. MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75731
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75731
    title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)
oval via4
accepted 2014-10-06T04:00:24.959-04:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
description Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
family windows
id oval:org.mitre.oval:def:11851
status accepted
submitted 2010-07-21T17:30:00.000-05:00
title Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability
version 39
packetstorm via4
data source https://packetstormsecurity.com/files/download/92011/libpng-dos.txt
id PACKETSTORM:92011
last seen 2016-12-05
published 2010-07-21
reporter kripthor
source https://packetstormsecurity.com/files/92011/libpng-1.4.2-Denial-Of-Service.html
title libpng 1.4.2 Denial Of Service
redhat via4
rpms
  • libpng-2:1.2.2-30
  • libpng-devel-2:1.2.2-30
  • libpng10-0:1.0.13-21
  • libpng10-devel-0:1.0.13-21
  • libpng-2:1.2.7-3.el4_8.3
  • libpng-devel-2:1.2.7-3.el4_8.3
  • libpng10-0:1.0.16-3.el4_8.4
  • libpng10-devel-0:1.0.16-3.el4_8.4
  • libpng-2:1.2.10-7.1.el5_5.3
  • libpng-devel-2:1.2.10-7.1.el5_5.3
  • thunderbird-0:2.0.0.24-6.el5
  • seamonkey-0:1.0.9-0.57.el3
  • seamonkey-chat-0:1.0.9-0.57.el3
  • seamonkey-devel-0:1.0.9-0.57.el3
  • seamonkey-dom-inspector-0:1.0.9-0.57.el3
  • seamonkey-js-debugger-0:1.0.9-0.57.el3
  • seamonkey-mail-0:1.0.9-0.57.el3
  • seamonkey-nspr-0:1.0.9-0.57.el3
  • seamonkey-nspr-devel-0:1.0.9-0.57.el3
  • seamonkey-nss-0:1.0.9-0.57.el3
  • seamonkey-nss-devel-0:1.0.9-0.57.el3
  • seamonkey-0:1.0.9-60.el4
  • seamonkey-chat-0:1.0.9-60.el4
  • seamonkey-devel-0:1.0.9-60.el4
  • seamonkey-dom-inspector-0:1.0.9-60.el4
  • seamonkey-js-debugger-0:1.0.9-60.el4
  • seamonkey-mail-0:1.0.9-60.el4
  • firefox-0:3.6.7-2.el4
  • xulrunner-0:1.9.2.7-2.el5
  • xulrunner-devel-0:1.9.2.7-2.el5
  • firefox-0:3.6.7-2.el5
refmap via4
apple
  • APPLE-SA-2010-08-24-1
  • APPLE-SA-2010-11-10-1
  • APPLE-SA-2010-11-22-1
  • APPLE-SA-2011-03-02-1
  • APPLE-SA-2011-03-09-2
bid 41174
confirm
debian DSA-2072
fedora
  • FEDORA-2010-10823
  • FEDORA-2010-10833
mandriva MDVSA-2010:133
mlist [security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues
secunia
  • 40302
  • 40336
  • 40472
  • 40547
  • 41574
  • 42314
  • 42317
slackware SSA:2010-180-01
suse SUSE-SR:2010:017
ubuntu USN-960-1
vupen
  • ADV-2010-1612
  • ADV-2010-1637
  • ADV-2010-1755
  • ADV-2010-1837
  • ADV-2010-1846
  • ADV-2010-1877
  • ADV-2010-2491
  • ADV-2010-3045
  • ADV-2010-3046
xf libpng-rowdata-bo(59815)
Last major update 21-07-2013 - 02:57
Published 30-06-2010 - 14:30
Last modified 18-09-2017 - 21:30
Back to Top