ID CVE-2011-1202
Summary The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
Vulnerable Configurations
  • cpe:2.3:a:google:chrome:6.0.472.50
  • Google Chrome 6.0.472.51
    cpe:2.3:a:google:chrome:6.0.472.51
  • cpe:2.3:a:google:chrome:6.0.472.48
  • Google Chrome 6.0.472.49
    cpe:2.3:a:google:chrome:6.0.472.49
  • Google Chrome 6.0.472.56
    cpe:2.3:a:google:chrome:6.0.472.56
  • cpe:2.3:a:google:chrome:6.0.472.57
  • cpe:2.3:a:google:chrome:6.0.472.52
  • Google Chrome 6.0.472.54
    cpe:2.3:a:google:chrome:6.0.472.54
  • cpe:2.3:a:google:chrome:6.0.472.62
  • cpe:2.3:a:google:chrome:6.0.472.55
  • cpe:2.3:a:google:chrome:6.0.472.58
  • Google Chrome 6.0.472.53
    cpe:2.3:a:google:chrome:6.0.472.53
  • cpe:2.3:a:google:chrome:6.0.459.0
  • Google Chrome 6.0.460.0
    cpe:2.3:a:google:chrome:6.0.460.0
  • cpe:2.3:a:google:chrome:6.0.458.2
  • cpe:2.3:a:google:chrome:6.0.455.0
  • Google Chrome 6.0.472.59
    cpe:2.3:a:google:chrome:6.0.472.59
  • Google Chrome 6.0.454.0
    cpe:2.3:a:google:chrome:6.0.454.0
  • Google Chrome 6.0.472.60
    cpe:2.3:a:google:chrome:6.0.472.60
  • Google Chrome 6.0.457.0
    cpe:2.3:a:google:chrome:6.0.457.0
  • cpe:2.3:a:google:chrome:6.0.472.61
  • Google Chrome 6.0.456.0
    cpe:2.3:a:google:chrome:6.0.456.0
  • Google Chrome 6.0.458.1
    cpe:2.3:a:google:chrome:6.0.458.1
  • cpe:2.3:a:google:chrome:6.0.458.0
  • cpe:2.3:a:google:chrome:6.0.472.14
  • cpe:2.3:a:google:chrome:6.0.472.15
  • Google Chrome 6.0.472.12
    cpe:2.3:a:google:chrome:6.0.472.12
  • cpe:2.3:a:google:chrome:6.0.472.13
  • Google Chrome 6.0.472.10
    cpe:2.3:a:google:chrome:6.0.472.10
  • cpe:2.3:a:google:chrome:6.0.472.11
  • Google Chrome 6.0.472.8
    cpe:2.3:a:google:chrome:6.0.472.8
  • Google Chrome 6.0.472.9
    cpe:2.3:a:google:chrome:6.0.472.9
  • Google Chrome 6.0.472.6
    cpe:2.3:a:google:chrome:6.0.472.6
  • cpe:2.3:a:google:chrome:6.0.472.7
  • cpe:2.3:a:google:chrome:6.0.472.4
  • cpe:2.3:a:google:chrome:6.0.472.5
  • Google Chrome 6.0.472.2
    cpe:2.3:a:google:chrome:6.0.472.2
  • cpe:2.3:a:google:chrome:6.0.472.3
  • Google Chrome 6.0.472.0
    cpe:2.3:a:google:chrome:6.0.472.0
  • Google Chrome 6.0.472.1
    cpe:2.3:a:google:chrome:6.0.472.1
  • cpe:2.3:a:google:chrome:6.0.471.0
  • cpe:2.3:a:google:chrome:6.0.470.0
  • Google Chrome 6.0.469.0
    cpe:2.3:a:google:chrome:6.0.469.0
  • Google Chrome 6.0.467.0
    cpe:2.3:a:google:chrome:6.0.467.0
  • Google Chrome 6.0.466.6
    cpe:2.3:a:google:chrome:6.0.466.6
  • Google Chrome 6.0.466.5
    cpe:2.3:a:google:chrome:6.0.466.5
  • cpe:2.3:a:google:chrome:6.0.466.4
  • Google Chrome 6.0.466.3
    cpe:2.3:a:google:chrome:6.0.466.3
  • cpe:2.3:a:google:chrome:6.0.466.2
  • Google Chrome 6.0.466.1
    cpe:2.3:a:google:chrome:6.0.466.1
  • Google Chrome 6.0.466.0
    cpe:2.3:a:google:chrome:6.0.466.0
  • cpe:2.3:a:google:chrome:6.0.465.2
  • Google Chrome 6.0.465.1
    cpe:2.3:a:google:chrome:6.0.465.1
  • Google Chrome 6.0.464.1
    cpe:2.3:a:google:chrome:6.0.464.1
  • cpe:2.3:a:google:chrome:6.0.462.0
  • Google Chrome 6.0.461.0
    cpe:2.3:a:google:chrome:6.0.461.0
  • cpe:2.3:a:google:chrome:6.0.472.44
  • cpe:2.3:a:google:chrome:6.0.472.45
  • Google Chrome 6.0.472.46
    cpe:2.3:a:google:chrome:6.0.472.46
  • Google Chrome 6.0.472.47
    cpe:2.3:a:google:chrome:6.0.472.47
  • Google Chrome 6.0.472.40
    cpe:2.3:a:google:chrome:6.0.472.40
  • cpe:2.3:a:google:chrome:6.0.472.41
  • cpe:2.3:a:google:chrome:6.0.472.42
  • Google Chrome 6.0.472.43
    cpe:2.3:a:google:chrome:6.0.472.43
  • cpe:2.3:a:google:chrome:6.0.472.36
  • Google Chrome 6.0.472.37
    cpe:2.3:a:google:chrome:6.0.472.37
  • cpe:2.3:a:google:chrome:6.0.472.38
  • cpe:2.3:a:google:chrome:6.0.472.39
  • cpe:2.3:a:google:chrome:6.0.472.32
  • cpe:2.3:a:google:chrome:6.0.472.33
  • cpe:2.3:a:google:chrome:6.0.472.34
  • cpe:2.3:a:google:chrome:6.0.472.35
  • Google Chrome 6.0.472.29
    cpe:2.3:a:google:chrome:6.0.472.29
  • cpe:2.3:a:google:chrome:6.0.472.28
  • cpe:2.3:a:google:chrome:6.0.472.31
  • Google Chrome 6.0.472.30
    cpe:2.3:a:google:chrome:6.0.472.30
  • Google Chrome 6.0.472.25
    cpe:2.3:a:google:chrome:6.0.472.25
  • cpe:2.3:a:google:chrome:6.0.472.24
  • Google Chrome 6.0.472.27
    cpe:2.3:a:google:chrome:6.0.472.27
  • Google Chrome 6.0.472.26
    cpe:2.3:a:google:chrome:6.0.472.26
  • Google Chrome 6.0.472.21
    cpe:2.3:a:google:chrome:6.0.472.21
  • cpe:2.3:a:google:chrome:6.0.472.20
  • cpe:2.3:a:google:chrome:6.0.472.23
  • Google Chrome 6.0.472.22
    cpe:2.3:a:google:chrome:6.0.472.22
  • cpe:2.3:a:google:chrome:6.0.472.17
  • Google Chrome 6.0.472.16
    cpe:2.3:a:google:chrome:6.0.472.16
  • cpe:2.3:a:google:chrome:6.0.472.19
  • cpe:2.3:a:google:chrome:6.0.472.18
  • cpe:2.3:a:google:chrome:6.0.472.63
  • Google Chrome 6.0.473.0
    cpe:2.3:a:google:chrome:6.0.473.0
  • Google Chrome 6.0.474.0
    cpe:2.3:a:google:chrome:6.0.474.0
  • cpe:2.3:a:google:chrome:6.0.475.0
  • Google Chrome 6.0.476.0
    cpe:2.3:a:google:chrome:6.0.476.0
  • cpe:2.3:a:google:chrome:6.0.477.0
  • Google Chrome 6.0.478.0
    cpe:2.3:a:google:chrome:6.0.478.0
  • cpe:2.3:a:google:chrome:6.0.479.0
  • cpe:2.3:a:google:chrome:6.0.480.0
  • Google Chrome 6.0.481.0
    cpe:2.3:a:google:chrome:6.0.481.0
  • cpe:2.3:a:google:chrome:6.0.482.0
  • cpe:2.3:a:google:chrome:6.0.483.0
  • cpe:2.3:a:google:chrome:6.0.484.0
  • Google Chrome 6.0.485.0
    cpe:2.3:a:google:chrome:6.0.485.0
  • cpe:2.3:a:google:chrome:6.0.486.0
  • Google Chrome 6.0.487.0
    cpe:2.3:a:google:chrome:6.0.487.0
  • Google Chrome 6.0.488.0
    cpe:2.3:a:google:chrome:6.0.488.0
  • cpe:2.3:a:google:chrome:6.0.489.0
  • cpe:2.3:a:google:chrome:6.0.490.0
  • Google Chrome 6.0.490.1
    cpe:2.3:a:google:chrome:6.0.490.1
  • cpe:2.3:a:google:chrome:6.0.491.0
  • cpe:2.3:a:google:chrome:6.0.492.0
  • Google Chrome 6.0.493.0
    cpe:2.3:a:google:chrome:6.0.493.0
  • Google Chrome 6.0.494.0
    cpe:2.3:a:google:chrome:6.0.494.0
  • cpe:2.3:a:google:chrome:6.0.495.0
  • Google Chrome 6.0.495.1
    cpe:2.3:a:google:chrome:6.0.495.1
  • Google Chrome 6.0.496.0
    cpe:2.3:a:google:chrome:6.0.496.0
  • cpe:2.3:a:google:chrome:7.0.497.0
  • Google Chrome 7.0.498.0
    cpe:2.3:a:google:chrome:7.0.498.0
  • Google Chrome 7.0.499.0
    cpe:2.3:a:google:chrome:7.0.499.0
  • cpe:2.3:a:google:chrome:7.0.499.1
  • cpe:2.3:a:google:chrome:7.0.500.0
  • Google Chrome 7.0.500.1
    cpe:2.3:a:google:chrome:7.0.500.1
  • Google Chrome 7.0.503.0
    cpe:2.3:a:google:chrome:7.0.503.0
  • Google Chrome 7.0.503.1
    cpe:2.3:a:google:chrome:7.0.503.1
  • Google Chrome 7.0.504.0
    cpe:2.3:a:google:chrome:7.0.504.0
  • Google Chrome 7.0.505.0
    cpe:2.3:a:google:chrome:7.0.505.0
  • Google Chrome 7.0.506.0
    cpe:2.3:a:google:chrome:7.0.506.0
  • Google Chrome 7.0.507.0
    cpe:2.3:a:google:chrome:7.0.507.0
  • cpe:2.3:a:google:chrome:7.0.507.1
  • cpe:2.3:a:google:chrome:7.0.507.2
  • Google Chrome 7.0.507.3
    cpe:2.3:a:google:chrome:7.0.507.3
  • Google Chrome 7.0.509.0
    cpe:2.3:a:google:chrome:7.0.509.0
  • Google Chrome 7.0.510.0
    cpe:2.3:a:google:chrome:7.0.510.0
  • Google Chrome 7.0.511.1
    cpe:2.3:a:google:chrome:7.0.511.1
  • cpe:2.3:a:google:chrome:7.0.511.2
  • cpe:2.3:a:google:chrome:7.0.511.4
  • Google Chrome 7.0.512.0
    cpe:2.3:a:google:chrome:7.0.512.0
  • Google Chrome 7.0.513.0
    cpe:2.3:a:google:chrome:7.0.513.0
  • cpe:2.3:a:google:chrome:7.0.514.0
  • Google Chrome 7.0.514.1
    cpe:2.3:a:google:chrome:7.0.514.1
  • Google Chrome 7.0.515.0
    cpe:2.3:a:google:chrome:7.0.515.0
  • cpe:2.3:a:google:chrome:7.0.516.0
  • cpe:2.3:a:google:chrome:7.0.517.0
  • cpe:2.3:a:google:chrome:7.0.517.10
  • cpe:2.3:a:google:chrome:7.0.517.11
  • Google Chrome 7.0.517.12
    cpe:2.3:a:google:chrome:7.0.517.12
  • Google Chrome 7.0.517.13
    cpe:2.3:a:google:chrome:7.0.517.13
  • cpe:2.3:a:google:chrome:7.0.517.14
  • Google Chrome 7.0.517.16
    cpe:2.3:a:google:chrome:7.0.517.16
  • Google Chrome 7.0.517.17
    cpe:2.3:a:google:chrome:7.0.517.17
  • Google Chrome 7.0.517.18
    cpe:2.3:a:google:chrome:7.0.517.18
  • Google Chrome 7.0.517.19
    cpe:2.3:a:google:chrome:7.0.517.19
  • Google Chrome 7.0.517.2
    cpe:2.3:a:google:chrome:7.0.517.2
  • Google Chrome 7.0.517.20
    cpe:2.3:a:google:chrome:7.0.517.20
  • cpe:2.3:a:google:chrome:7.0.517.21
  • cpe:2.3:a:google:chrome:7.0.517.22
  • cpe:2.3:a:google:chrome:7.0.517.23
  • Google Chrome 7.0.517.24
    cpe:2.3:a:google:chrome:7.0.517.24
  • cpe:2.3:a:google:chrome:7.0.517.25
  • cpe:2.3:a:google:chrome:7.0.517.26
  • cpe:2.3:a:google:chrome:7.0.517.27
  • Google Chrome 7.0.517.28
    cpe:2.3:a:google:chrome:7.0.517.28
  • Google Chrome 7.0.517.29
    cpe:2.3:a:google:chrome:7.0.517.29
  • Google Chrome 7.0.517.30
    cpe:2.3:a:google:chrome:7.0.517.30
  • Google Chrome 7.0.517.31
    cpe:2.3:a:google:chrome:7.0.517.31
  • Google Chrome 7.0.517.32
    cpe:2.3:a:google:chrome:7.0.517.32
  • cpe:2.3:a:google:chrome:7.0.517.33
  • Google Chrome 7.0.517.34
    cpe:2.3:a:google:chrome:7.0.517.34
  • cpe:2.3:a:google:chrome:7.0.517.35
  • Google Chrome 7.0.517.36
    cpe:2.3:a:google:chrome:7.0.517.36
  • Google Chrome 7.0.517.37
    cpe:2.3:a:google:chrome:7.0.517.37
  • cpe:2.3:a:google:chrome:7.0.517.38
  • cpe:2.3:a:google:chrome:7.0.517.39
  • cpe:2.3:a:google:chrome:7.0.517.4
  • Google Chrome 7.0.517.5
    cpe:2.3:a:google:chrome:7.0.517.5
  • cpe:2.3:a:google:chrome:7.0.517.6
  • Google Chrome 7.0.517.7
    cpe:2.3:a:google:chrome:7.0.517.7
  • cpe:2.3:a:google:chrome:7.0.517.8
  • Google Chrome 7.0.517.9
    cpe:2.3:a:google:chrome:7.0.517.9
  • cpe:2.3:a:google:chrome:0.1.42.2
  • Google Chrome 0.1.42.3
    cpe:2.3:a:google:chrome:0.1.42.3
  • Google Chrome 3.0.195.24
    cpe:2.3:a:google:chrome:3.0.195.24
  • Google Chrome 2.0.172.28
    cpe:2.3:a:google:chrome:2.0.172.28
  • cpe:2.3:a:google:chrome:3.0.193.2:beta
  • cpe:2.3:a:google:chrome:1.0.154.36
  • Google Chrome 4.0.244.0
    cpe:2.3:a:google:chrome:4.0.244.0
  • Google Chrome 3.0.195.33
    cpe:2.3:a:google:chrome:3.0.195.33
  • cpe:2.3:a:google:chrome:3.0.195.32
  • cpe:2.3:a:google:chrome:0.1.38.1
  • Google Chrome 0.1.38.2
    cpe:2.3:a:google:chrome:0.1.38.2
  • Google Chrome 0.1.38.4
    cpe:2.3:a:google:chrome:0.1.38.4
  • Google Chrome 0.1.40.1
    cpe:2.3:a:google:chrome:0.1.40.1
  • cpe:2.3:a:google:chrome:4.0.249.0
  • Google Chrome 1.0.154.48
    cpe:2.3:a:google:chrome:1.0.154.48
  • cpe:2.3:a:google:chrome:2.0.172.38
  • Google Chrome 2.0.172.8
    cpe:2.3:a:google:chrome:2.0.172.8
  • Google Chrome 2.0.172.2
    cpe:2.3:a:google:chrome:2.0.172.2
  • Google Chrome 2.0.172.27
    cpe:2.3:a:google:chrome:2.0.172.27
  • Google Chrome 3.0.195.21
    cpe:2.3:a:google:chrome:3.0.195.21
  • Google Chrome 3.0.182.2
    cpe:2.3:a:google:chrome:3.0.182.2
  • Google Chrome 3.0.190.2
    cpe:2.3:a:google:chrome:3.0.190.2
  • Google Chrome 2.0.172
    cpe:2.3:a:google:chrome:2.0.172
  • cpe:2.3:a:google:chrome:1.0.154.64
  • Google Chrome 1.0.154.43
    cpe:2.3:a:google:chrome:1.0.154.43
  • Google Chrome 4.0.243.0
    cpe:2.3:a:google:chrome:4.0.243.0
  • Google Chrome 4.0.242.0
    cpe:2.3:a:google:chrome:4.0.242.0
  • cpe:2.3:a:google:chrome:4.0.241.0
  • Google Chrome 4.0.240.0
    cpe:2.3:a:google:chrome:4.0.240.0
  • Google Chrome 4.0.239.0
    cpe:2.3:a:google:chrome:4.0.239.0
  • Google Chrome 4.0.237.0
    cpe:2.3:a:google:chrome:4.0.237.0
  • Google Chrome 4.0.237.1
    cpe:2.3:a:google:chrome:4.0.237.1
  • Google Chrome 4.0.236.0
    cpe:2.3:a:google:chrome:4.0.236.0
  • Google Chrome 4.0.235.0
    cpe:2.3:a:google:chrome:4.0.235.0
  • Google Chrome 4.0.229.1
    cpe:2.3:a:google:chrome:4.0.229.1
  • cpe:2.3:a:google:chrome:4.0.224.0
  • Google Chrome 4.0.223.9
    cpe:2.3:a:google:chrome:4.0.223.9
  • Google Chrome 4.0.223.8
    cpe:2.3:a:google:chrome:4.0.223.8
  • cpe:2.3:a:google:chrome:4.0.223.7
  • Google Chrome 4.0.223.5
    cpe:2.3:a:google:chrome:4.0.223.5
  • Google Chrome 4.0.223.4
    cpe:2.3:a:google:chrome:4.0.223.4
  • Google Chrome 4.0.223.1
    cpe:2.3:a:google:chrome:4.0.223.1
  • Google Chrome 4.0.223.2
    cpe:2.3:a:google:chrome:4.0.223.2
  • cpe:2.3:a:google:chrome:4.0.222.0
  • Google Chrome 4.0.223.0
    cpe:2.3:a:google:chrome:4.0.223.0
  • cpe:2.3:a:google:chrome:4.0.222.12
  • Google Chrome 4.0.222.5
    cpe:2.3:a:google:chrome:4.0.222.5
  • cpe:2.3:a:google:chrome:4.0.221.8
  • Google Chrome 4.0.222.1
    cpe:2.3:a:google:chrome:4.0.222.1
  • cpe:2.3:a:google:chrome:4.0.212.0
  • Google Chrome 4.0.212.1
    cpe:2.3:a:google:chrome:4.0.212.1
  • Google Chrome 3.0.195.37
    cpe:2.3:a:google:chrome:3.0.195.37
  • cpe:2.3:a:google:chrome:3.0.195.38
  • cpe:2.3:a:google:chrome:3.0.195.27
  • cpe:2.3:a:google:chrome:3.0.195.36
  • Google Chrome 3.0.195.2
    cpe:2.3:a:google:chrome:3.0.195.2
  • cpe:2.3:a:google:chrome:3.0.195.25
  • Google Chrome 1.0.154.59
    cpe:2.3:a:google:chrome:1.0.154.59
  • cpe:2.3:a:google:chrome:4.0.245.1
  • Google Chrome 4.0.245.0
    cpe:2.3:a:google:chrome:4.0.245.0
  • Google Chrome 4.0.247.0
    cpe:2.3:a:google:chrome:4.0.247.0
  • Google Chrome 4.0.246.0
    cpe:2.3:a:google:chrome:4.0.246.0
  • Google Chrome 4.0.249.1
    cpe:2.3:a:google:chrome:4.0.249.1
  • Google Chrome 4.0.248.0
    cpe:2.3:a:google:chrome:4.0.248.0
  • cpe:2.3:a:google:chrome:4.0.249.11
  • cpe:2.3:a:google:chrome:1.0.154.53
  • cpe:2.3:a:google:chrome:4.0.249.10
  • Google Chrome 4.0.249.14
    cpe:2.3:a:google:chrome:4.0.249.14
  • cpe:2.3:a:google:chrome:4.0.249.12
  • cpe:2.3:a:google:chrome:4.0.249.17
  • cpe:2.3:a:google:chrome:4.0.249.16
  • cpe:2.3:a:google:chrome:4.0.249.18
  • cpe:2.3:a:google:chrome:2.0.157.0
  • Google Chrome 2.0.157.2
    cpe:2.3:a:google:chrome:2.0.157.2
  • Google Chrome 2.0.156.1
    cpe:2.3:a:google:chrome:2.0.156.1
  • Google Chrome 2.0.172.31
    cpe:2.3:a:google:chrome:2.0.172.31
  • Google Chrome 0.3.154.3
    cpe:2.3:a:google:chrome:0.3.154.3
  • cpe:2.3:a:google:chrome:2.0.172.30
  • Google Chrome 0.4.154.18
    cpe:2.3:a:google:chrome:0.4.154.18
  • Google Chrome 0.2.153.1
    cpe:2.3:a:google:chrome:0.2.153.1
  • Google Chrome 2.0.172.33
    cpe:2.3:a:google:chrome:2.0.172.33
  • Google Chrome 0.3.154.0
    cpe:2.3:a:google:chrome:0.3.154.0
  • cpe:2.3:a:google:chrome:2.0.169.1
  • Google Chrome 1.0.154.46
    cpe:2.3:a:google:chrome:1.0.154.46
  • Google Chrome 2.0.170.0
    cpe:2.3:a:google:chrome:2.0.170.0
  • Google Chrome 0.2.152.1
    cpe:2.3:a:google:chrome:0.2.152.1
  • cpe:2.3:a:google:chrome:2.0.158.0
  • cpe:2.3:a:google:chrome:2.0.169.0
  • Google Chrome 2.0.159.0
    cpe:2.3:a:google:chrome:2.0.159.0
  • Google Chrome 0.4.154.31
    cpe:2.3:a:google:chrome:0.4.154.31
  • Google Chrome 0.4.154.22
    cpe:2.3:a:google:chrome:0.4.154.22
  • Google Chrome 1.0.154.39
    cpe:2.3:a:google:chrome:1.0.154.39
  • Google Chrome 0.4.154.33
    cpe:2.3:a:google:chrome:0.4.154.33
  • Google Chrome 0.2.149.27
    cpe:2.3:a:google:chrome:0.2.149.27
  • Google Chrome 1.0.154.42
    cpe:2.3:a:google:chrome:1.0.154.42
  • Google Chrome 1.0.154.65
    cpe:2.3:a:google:chrome:1.0.154.65
  • cpe:2.3:a:google:chrome:2.0.172.37
  • cpe:2.3:a:google:chrome:0.2.149.29
  • cpe:2.3:a:google:chrome:0.2.149.30
  • cpe:2.3:a:google:chrome:1.0.154.52
  • cpe:2.3:a:google:chrome:4.0.249.60
  • Google Chrome 4.0.249.78
    cpe:2.3:a:google:chrome:4.0.249.78
  • Google Chrome 4.0.249.78:beta
    cpe:2.3:a:google:chrome:4.0.249.78:beta
  • cpe:2.3:a:google:chrome:4.0.249.89
  • Google Chrome 4.0.249.21
    cpe:2.3:a:google:chrome:4.0.249.21
  • Google Chrome 4.0.249.22
    cpe:2.3:a:google:chrome:4.0.249.22
  • Google Chrome 4.0.249.23
    cpe:2.3:a:google:chrome:4.0.249.23
  • Google Chrome 4.0.249.24
    cpe:2.3:a:google:chrome:4.0.249.24
  • Google Chrome 4.0.249.25
    cpe:2.3:a:google:chrome:4.0.249.25
  • Google Chrome 4.0.249.26
    cpe:2.3:a:google:chrome:4.0.249.26
  • Google Chrome 4.0.249.27
    cpe:2.3:a:google:chrome:4.0.249.27
  • Google Chrome 4.0.249.28
    cpe:2.3:a:google:chrome:4.0.249.28
  • cpe:2.3:a:google:chrome:4.0.249.29
  • cpe:2.3:a:google:chrome:4.0.249.30
  • Google Chrome 4.0.249.31
    cpe:2.3:a:google:chrome:4.0.249.31
  • Google Chrome 4.0.249.32
    cpe:2.3:a:google:chrome:4.0.249.32
  • Google Chrome 4.0.249.33
    cpe:2.3:a:google:chrome:4.0.249.33
  • Google Chrome 4.0.249.34
    cpe:2.3:a:google:chrome:4.0.249.34
  • Google Chrome 4.0.249.35
    cpe:2.3:a:google:chrome:4.0.249.35
  • Google Chrome 4.0.249.36
    cpe:2.3:a:google:chrome:4.0.249.36
  • Google Chrome 4.0.249.19
    cpe:2.3:a:google:chrome:4.0.249.19
  • Google Chrome 4.0.249.20
    cpe:2.3:a:google:chrome:4.0.249.20
  • Google Chrome 4.0.249.2
    cpe:2.3:a:google:chrome:4.0.249.2
  • cpe:2.3:a:google:chrome:4.0.249.52
  • Google Chrome 4.0.249.53
    cpe:2.3:a:google:chrome:4.0.249.53
  • cpe:2.3:a:google:chrome:4.0.249.50
  • Google Chrome 4.0.249.51
    cpe:2.3:a:google:chrome:4.0.249.51
  • Google Chrome 4.0.249.56
    cpe:2.3:a:google:chrome:4.0.249.56
  • cpe:2.3:a:google:chrome:4.0.249.57
  • Google Chrome 4.0.249.54
    cpe:2.3:a:google:chrome:4.0.249.54
  • cpe:2.3:a:google:chrome:4.0.249.55
  • cpe:2.3:a:google:chrome:4.0.249.6
  • Google Chrome 4.0.249.61
    cpe:2.3:a:google:chrome:4.0.249.61
  • cpe:2.3:a:google:chrome:4.0.249.58
  • Google Chrome 4.0.249.59
    cpe:2.3:a:google:chrome:4.0.249.59
  • Google Chrome 4.0.249.64
    cpe:2.3:a:google:chrome:4.0.249.64
  • cpe:2.3:a:google:chrome:4.0.249.65
  • Google Chrome 4.0.249.62
    cpe:2.3:a:google:chrome:4.0.249.62
  • Google Chrome 4.0.249.63
    cpe:2.3:a:google:chrome:4.0.249.63
  • Google Chrome 4.0.249.3
    cpe:2.3:a:google:chrome:4.0.249.3
  • cpe:2.3:a:google:chrome:4.0.249.39
  • Google Chrome 4.0.249.38
    cpe:2.3:a:google:chrome:4.0.249.38
  • cpe:2.3:a:google:chrome:4.0.249.37
  • Google Chrome 4.0.249.42
    cpe:2.3:a:google:chrome:4.0.249.42
  • Google Chrome 4.0.249.41
    cpe:2.3:a:google:chrome:4.0.249.41
  • cpe:2.3:a:google:chrome:4.0.249.40
  • Google Chrome 4.0.249.4
    cpe:2.3:a:google:chrome:4.0.249.4
  • Google Chrome 4.0.249.46
    cpe:2.3:a:google:chrome:4.0.249.46
  • Google Chrome 4.0.249.45
    cpe:2.3:a:google:chrome:4.0.249.45
  • cpe:2.3:a:google:chrome:4.0.249.44
  • Google Chrome 4.0.249.43
    cpe:2.3:a:google:chrome:4.0.249.43
  • Google Chrome 4.0.249.5
    cpe:2.3:a:google:chrome:4.0.249.5
  • Google Chrome 4.0.249.49
    cpe:2.3:a:google:chrome:4.0.249.49
  • cpe:2.3:a:google:chrome:4.0.249.48
  • cpe:2.3:a:google:chrome:4.0.249.47
  • Google Chrome 4.0.250.2
    cpe:2.3:a:google:chrome:4.0.250.2
  • cpe:2.3:a:google:chrome:4.0.251.0
  • Google Chrome 4.0.252.0
    cpe:2.3:a:google:chrome:4.0.252.0
  • Google Chrome 4.0.254.0
    cpe:2.3:a:google:chrome:4.0.254.0
  • Google Chrome 4.0.249.80
    cpe:2.3:a:google:chrome:4.0.249.80
  • cpe:2.3:a:google:chrome:4.0.249.81
  • Google Chrome 4.0.249.82
    cpe:2.3:a:google:chrome:4.0.249.82
  • cpe:2.3:a:google:chrome:4.0.250.0
  • Google Chrome 4.0.259.0
    cpe:2.3:a:google:chrome:4.0.259.0
  • Google Chrome 4.0.260.0
    cpe:2.3:a:google:chrome:4.0.260.0
  • cpe:2.3:a:google:chrome:4.0.261.0
  • cpe:2.3:a:google:chrome:4.0.262.0
  • cpe:2.3:a:google:chrome:4.0.255.0
  • cpe:2.3:a:google:chrome:4.0.256.0
  • cpe:2.3:a:google:chrome:4.0.257.0
  • Google Chrome 4.0.258.0
    cpe:2.3:a:google:chrome:4.0.258.0
  • cpe:2.3:a:google:chrome:4.0.249.70
  • Google Chrome 4.0.249.7
    cpe:2.3:a:google:chrome:4.0.249.7
  • cpe:2.3:a:google:chrome:4.0.249.72
  • Google Chrome 4.0.249.71
    cpe:2.3:a:google:chrome:4.0.249.71
  • Google Chrome 4.0.249.67
    cpe:2.3:a:google:chrome:4.0.249.67
  • cpe:2.3:a:google:chrome:4.0.249.66
  • cpe:2.3:a:google:chrome:4.0.249.69
  • cpe:2.3:a:google:chrome:4.0.249.68
  • Google Chrome 4.0.249.79
    cpe:2.3:a:google:chrome:4.0.249.79
  • cpe:2.3:a:google:chrome:4.0.249.77
  • Google Chrome 4.0.249.8
    cpe:2.3:a:google:chrome:4.0.249.8
  • Google Chrome 4.0.249.9
    cpe:2.3:a:google:chrome:4.0.249.9
  • Google Chrome 4.0.249.74
    cpe:2.3:a:google:chrome:4.0.249.74
  • Google Chrome 4.0.249.73
    cpe:2.3:a:google:chrome:4.0.249.73
  • Google Chrome 4.0.249.76
    cpe:2.3:a:google:chrome:4.0.249.76
  • cpe:2.3:a:google:chrome:4.0.249.75
  • cpe:2.3:a:google:chrome:4.0.271.0
  • Google Chrome 4.0.269.0
    cpe:2.3:a:google:chrome:4.0.269.0
  • cpe:2.3:a:google:chrome:4.0.268.0
  • Google Chrome 4.0.267.0
    cpe:2.3:a:google:chrome:4.0.267.0
  • Google Chrome 4.0.266.0
    cpe:2.3:a:google:chrome:4.0.266.0
  • Google Chrome 4.0.265.0
    cpe:2.3:a:google:chrome:4.0.265.0
  • cpe:2.3:a:google:chrome:4.0.264.0
  • cpe:2.3:a:google:chrome:4.0.263.0
  • cpe:2.3:a:google:chrome:4.0.277.0
  • Google Chrome 4.0.276.0
    cpe:2.3:a:google:chrome:4.0.276.0
  • cpe:2.3:a:google:chrome:4.0.275.1
  • Google Chrome 4.0.275.0
    cpe:2.3:a:google:chrome:4.0.275.0
  • Google Chrome 4.0.272.0
    cpe:2.3:a:google:chrome:4.0.272.0
  • cpe:2.3:a:google:chrome:5.0.307.5
  • Google Chrome 4.1.249.1056
    cpe:2.3:a:google:chrome:4.1.249.1056
  • Google Chrome 5.0.307.4
    cpe:2.3:a:google:chrome:5.0.307.4
  • cpe:2.3:a:google:chrome:4.1.249.1055
  • Google Chrome 5.0.307.7
    cpe:2.3:a:google:chrome:5.0.307.7
  • Google Chrome 4.1.249.1058
    cpe:2.3:a:google:chrome:4.1.249.1058
  • Google Chrome 5.0.307.6
    cpe:2.3:a:google:chrome:5.0.307.6
  • cpe:2.3:a:google:chrome:4.1.249.1057
  • cpe:2.3:a:google:chrome:5.0.307.9
  • cpe:2.3:a:google:chrome:4.1.249.1052
  • cpe:2.3:a:google:chrome:5.0.307.8
  • cpe:2.3:a:google:chrome:4.1.249.1051
  • Google Chrome 5.0.309.0
    cpe:2.3:a:google:chrome:5.0.309.0
  • cpe:2.3:a:google:chrome:4.1.249.1054
  • Google Chrome 5.0.308.0
    cpe:2.3:a:google:chrome:5.0.308.0
  • cpe:2.3:a:google:chrome:4.1.249.1053
  • cpe:2.3:a:google:chrome:4.1.249.1064
  • Google Chrome 4.1.249.1044
    cpe:2.3:a:google:chrome:4.1.249.1044
  • cpe:2.3:a:google:chrome:4.1.249.1063
  • cpe:2.3:a:google:chrome:4.1.249.1043
  • Google Chrome 5.0.306.1
    cpe:2.3:a:google:chrome:5.0.306.1
  • Google Chrome 4.0.304.0
    cpe:2.3:a:google:chrome:4.0.304.0
  • Google Chrome 5.0.306.0
    cpe:2.3:a:google:chrome:5.0.306.0
  • cpe:2.3:a:google:chrome:4.0.305.0
  • cpe:2.3:a:google:chrome:5.0.307.10
  • cpe:2.3:a:google:chrome:4.1.249.1060
  • cpe:2.3:a:google:chrome:5.0.307.1
  • cpe:2.3:a:google:chrome:4.1.249.1059
  • Google Chrome 5.0.307.3
    cpe:2.3:a:google:chrome:5.0.307.3
  • cpe:2.3:a:google:chrome:4.1.249.1062
  • Google Chrome 5.0.307.11
    cpe:2.3:a:google:chrome:5.0.307.11
  • cpe:2.3:a:google:chrome:4.1.249.1061
  • cpe:2.3:a:google:chrome:4.1.249.1037
  • cpe:2.3:a:google:chrome:4.1.249.1038
  • cpe:2.3:a:google:chrome:4.1.249.1039
  • cpe:2.3:a:google:chrome:4.1.249.1040
  • Google Chrome 4.1.249.1041
    cpe:2.3:a:google:chrome:4.1.249.1041
  • cpe:2.3:a:google:chrome:4.1.249.1047
  • cpe:2.3:a:google:chrome:4.1.249.1048
  • Google Chrome 4.1.249.1049
    cpe:2.3:a:google:chrome:4.1.249.1049
  • cpe:2.3:a:google:chrome:4.1.249.1050
  • Google Chrome 4.1.249.1046
    cpe:2.3:a:google:chrome:4.1.249.1046
  • Google Chrome 4.1.249.1033
    cpe:2.3:a:google:chrome:4.1.249.1033
  • cpe:2.3:a:google:chrome:4.1.249.1034
  • cpe:2.3:a:google:chrome:4.1.249.1031
  • cpe:2.3:a:google:chrome:4.1.249.1032
  • Google Chrome 4.1.249.1042
    cpe:2.3:a:google:chrome:4.1.249.1042
  • cpe:2.3:a:google:chrome:4.1.249.1035
  • Google Chrome 4.1:beta
    cpe:2.3:a:google:chrome:4.1:beta
  • Google Chrome 4.1.249.1045
    cpe:2.3:a:google:chrome:4.1.249.1045
  • cpe:2.3:a:google:chrome:4.1.249.1036
  • cpe:2.3:a:google:chrome:5.0.313.0
  • cpe:2.3:a:google:chrome:5.0.314.0
  • Google Chrome 4.1.249.1012
    cpe:2.3:a:google:chrome:4.1.249.1012
  • cpe:2.3:a:google:chrome:4.1.249.1011
  • cpe:2.3:a:google:chrome:4.1.249.1014
  • Google Chrome 4.1.249.1013
    cpe:2.3:a:google:chrome:4.1.249.1013
  • Google Chrome 4.1.249.1008
    cpe:2.3:a:google:chrome:4.1.249.1008
  • Google Chrome 4.1.249.1007
    cpe:2.3:a:google:chrome:4.1.249.1007
  • cpe:2.3:a:google:chrome:4.1.249.1010
  • cpe:2.3:a:google:chrome:4.1.249.1009
  • cpe:2.3:a:google:chrome:4.1.249.1001
  • Google Chrome 4.1.249.0
    cpe:2.3:a:google:chrome:4.1.249.0
  • Google Chrome 4.1.249.1006
    cpe:2.3:a:google:chrome:4.1.249.1006
  • cpe:2.3:a:google:chrome:4.1.249.1004
  • cpe:2.3:a:google:chrome:4.1.249.1027
  • Google Chrome 4.1.249.1028
    cpe:2.3:a:google:chrome:4.1.249.1028
  • Google Chrome 4.1.249.1029
    cpe:2.3:a:google:chrome:4.1.249.1029
  • Google Chrome 4.1.249.1030
    cpe:2.3:a:google:chrome:4.1.249.1030
  • cpe:2.3:a:google:chrome:4.1.249.1023
  • Google Chrome 4.1.249.1024
    cpe:2.3:a:google:chrome:4.1.249.1024
  • cpe:2.3:a:google:chrome:4.1.249.1025
  • cpe:2.3:a:google:chrome:4.1.249.1026
  • cpe:2.3:a:google:chrome:4.1.249.1019
  • Google Chrome 4.1.249.1020
    cpe:2.3:a:google:chrome:4.1.249.1020
  • cpe:2.3:a:google:chrome:4.1.249.1021
  • cpe:2.3:a:google:chrome:4.1.249.1022
  • cpe:2.3:a:google:chrome:4.1.249.1015
  • Google Chrome 4.1.249.1016
    cpe:2.3:a:google:chrome:4.1.249.1016
  • Google Chrome 4.1.249.1017
    cpe:2.3:a:google:chrome:4.1.249.1017
  • cpe:2.3:a:google:chrome:4.1.249.1018
  • cpe:2.3:a:google:chrome:4.0.295.0
  • Google Chrome 4.0.296.0
    cpe:2.3:a:google:chrome:4.0.296.0
  • cpe:2.3:a:google:chrome:4.0.292.0
  • cpe:2.3:a:google:chrome:4.0.294.0
  • cpe:2.3:a:google:chrome:4.0.289.0
  • Google Chrome 4.0.290.0
    cpe:2.3:a:google:chrome:4.0.290.0
  • cpe:2.3:a:google:chrome:4.0.288.0
  • Google Chrome 4.0.288.1
    cpe:2.3:a:google:chrome:4.0.288.1
  • Google Chrome 4.0.302.3
    cpe:2.3:a:google:chrome:4.0.302.3
  • cpe:2.3:a:google:chrome:4.0.303.0
  • cpe:2.3:a:google:chrome:4.0.302.1
  • Google Chrome 4.0.302.2
    cpe:2.3:a:google:chrome:4.0.302.2
  • Google Chrome 4.0.301.0
    cpe:2.3:a:google:chrome:4.0.301.0
  • cpe:2.3:a:google:chrome:4.0.302.0
  • cpe:2.3:a:google:chrome:4.0.299.0
  • Google Chrome 4.0.300.0
    cpe:2.3:a:google:chrome:4.0.300.0
  • Google Chrome 4.0.287.0
    cpe:2.3:a:google:chrome:4.0.287.0
  • Google Chrome 4.0.286.0
    cpe:2.3:a:google:chrome:4.0.286.0
  • cpe:2.3:a:google:chrome:4.0.278.0
  • Google Chrome 5.0.356.0
    cpe:2.3:a:google:chrome:5.0.356.0
  • Google Chrome 5.0.355.0
    cpe:2.3:a:google:chrome:5.0.355.0
  • cpe:2.3:a:google:chrome:5.0.356.2
  • cpe:2.3:a:google:chrome:5.0.356.1
  • Google Chrome 5.0.353.0
    cpe:2.3:a:google:chrome:5.0.353.0
  • Google Chrome 5.0.351.0
    cpe:2.3:a:google:chrome:5.0.351.0
  • Google Chrome 5.0.354.1
    cpe:2.3:a:google:chrome:5.0.354.1
  • cpe:2.3:a:google:chrome:5.0.354.0
  • Google Chrome 5.0.349.0
    cpe:2.3:a:google:chrome:5.0.349.0
  • cpe:2.3:a:google:chrome:5.0.348.0
  • cpe:2.3:a:google:chrome:5.0.350.1
  • cpe:2.3:a:google:chrome:5.0.350.0
  • Google Chrome 5.0.345.0
    cpe:2.3:a:google:chrome:5.0.345.0
  • cpe:2.3:a:google:chrome:5.0.344.0
  • Google Chrome 5.0.347.0
    cpe:2.3:a:google:chrome:5.0.347.0
  • Google Chrome 5.0.346.0
    cpe:2.3:a:google:chrome:5.0.346.0
  • Google Chrome 5.0.342.7
    cpe:2.3:a:google:chrome:5.0.342.7
  • cpe:2.3:a:google:chrome:5.0.342.8
  • cpe:2.3:a:google:chrome:5.0.342.9
  • Google Chrome 5.0.343.0
    cpe:2.3:a:google:chrome:5.0.343.0
  • Google Chrome 5.0.342.3
    cpe:2.3:a:google:chrome:5.0.342.3
  • Google Chrome 5.0.342.4
    cpe:2.3:a:google:chrome:5.0.342.4
  • Google Chrome 5.0.342.5
    cpe:2.3:a:google:chrome:5.0.342.5
  • cpe:2.3:a:google:chrome:5.0.342.6
  • Google Chrome 5.0.341.0
    cpe:2.3:a:google:chrome:5.0.341.0
  • cpe:2.3:a:google:chrome:5.0.342.0
  • cpe:2.3:a:google:chrome:5.0.342.1
  • cpe:2.3:a:google:chrome:5.0.342.2
  • Google Chrome 5.0.337.0
    cpe:2.3:a:google:chrome:5.0.337.0
  • Google Chrome 5.0.338.0
    cpe:2.3:a:google:chrome:5.0.338.0
  • Google Chrome 5.0.339.0
    cpe:2.3:a:google:chrome:5.0.339.0
  • Google Chrome 5.0.340.0
    cpe:2.3:a:google:chrome:5.0.340.0
  • Google Chrome 5.0.336.0
    cpe:2.3:a:google:chrome:5.0.336.0
  • cpe:2.3:a:google:chrome:5.0.375.125
  • cpe:2.3:a:google:chrome:5.0.335.4
  • cpe:2.3:a:google:chrome:5.0.335.3
  • cpe:2.3:a:google:chrome:5.0.335.2
  • cpe:2.3:a:google:chrome:5.0.335.1
  • cpe:2.3:a:google:chrome:5.0.335.0
  • cpe:2.3:a:google:chrome:5.0.334.0
  • cpe:2.3:a:google:chrome:5.0.333.0
  • Google Chrome 5.0.332.0
    cpe:2.3:a:google:chrome:5.0.332.0
  • Google Chrome 5.0.330.0
    cpe:2.3:a:google:chrome:5.0.330.0
  • cpe:2.3:a:google:chrome:5.0.329.0
  • cpe:2.3:a:google:chrome:5.0.328.0
  • Google Chrome 5.0.327.0
    cpe:2.3:a:google:chrome:5.0.327.0
  • cpe:2.3:a:google:chrome:5.0.326.0
  • Google Chrome 5.0.325.0
    cpe:2.3:a:google:chrome:5.0.325.0
  • cpe:2.3:a:google:chrome:5.0.324.0
  • Google Chrome 5.0.322.2
    cpe:2.3:a:google:chrome:5.0.322.2
  • Google Chrome 5.0.323.0
    cpe:2.3:a:google:chrome:5.0.323.0
  • cpe:2.3:a:google:chrome:5.0.322.0
  • cpe:2.3:a:google:chrome:5.0.322.1
  • Google Chrome 5.0.320.0
    cpe:2.3:a:google:chrome:5.0.320.0
  • cpe:2.3:a:google:chrome:5.0.321.0
  • cpe:2.3:a:google:chrome:5.0.318.0
  • cpe:2.3:a:google:chrome:5.0.319.0
  • Google Chrome 5.0.317.1
    cpe:2.3:a:google:chrome:5.0.317.1
  • Google Chrome 5.0.317.2
    cpe:2.3:a:google:chrome:5.0.317.2
  • Google Chrome 5.0.316.0
    cpe:2.3:a:google:chrome:5.0.316.0
  • Google Chrome 5.0.317.0
    cpe:2.3:a:google:chrome:5.0.317.0
  • Google Chrome 5.0.314.1
    cpe:2.3:a:google:chrome:5.0.314.1
  • cpe:2.3:a:google:chrome:5.0.315.0
  • cpe:2.3:a:google:chrome:5.0.375.12
  • cpe:2.3:a:google:chrome:5.0.375.11
  • Google Chrome 5.0.375.10
    cpe:2.3:a:google:chrome:5.0.375.10
  • Google Chrome 5.0.375.15
    cpe:2.3:a:google:chrome:5.0.375.15
  • Google Chrome 5.0.375.14
    cpe:2.3:a:google:chrome:5.0.375.14
  • Google Chrome 5.0.375.13
    cpe:2.3:a:google:chrome:5.0.375.13
  • cpe:2.3:a:google:chrome:5.0.375.127
  • cpe:2.3:a:google:chrome:5.0.375.126
  • Google Chrome 5.0.358.0
    cpe:2.3:a:google:chrome:5.0.358.0
  • cpe:2.3:a:google:chrome:5.0.357.0
  • cpe:2.3:a:google:chrome:5.0.360.0
  • Google Chrome 5.0.359.0
    cpe:2.3:a:google:chrome:5.0.359.0
  • cpe:2.3:a:google:chrome:5.0.360.4
  • cpe:2.3:a:google:chrome:5.0.360.3
  • Google Chrome 5.0.361.0
    cpe:2.3:a:google:chrome:5.0.361.0
  • cpe:2.3:a:google:chrome:5.0.360.5
  • cpe:2.3:a:google:chrome:5.0.363.0
  • Google Chrome 5.0.362.0
    cpe:2.3:a:google:chrome:5.0.362.0
  • Google Chrome 5.0.365.0
    cpe:2.3:a:google:chrome:5.0.365.0
  • cpe:2.3:a:google:chrome:5.0.364.0
  • cpe:2.3:a:google:chrome:5.0.366.1
  • Google Chrome 5.0.366.0
    cpe:2.3:a:google:chrome:5.0.366.0
  • Google Chrome 5.0.366.3
    cpe:2.3:a:google:chrome:5.0.366.3
  • Google Chrome 5.0.366.2
    cpe:2.3:a:google:chrome:5.0.366.2
  • cpe:2.3:a:google:chrome:5.0.366.4
  • Google Chrome 5.0.367.0
    cpe:2.3:a:google:chrome:5.0.367.0
  • Google Chrome 5.0.368.0
    cpe:2.3:a:google:chrome:5.0.368.0
  • Google Chrome 5.0.369.0
    cpe:2.3:a:google:chrome:5.0.369.0
  • Google Chrome 5.0.369.1
    cpe:2.3:a:google:chrome:5.0.369.1
  • Google Chrome 5.0.369.2
    cpe:2.3:a:google:chrome:5.0.369.2
  • cpe:2.3:a:google:chrome:5.0.370.0
  • Google Chrome 5.0.371.0
    cpe:2.3:a:google:chrome:5.0.371.0
  • Google Chrome 5.0.372.0
    cpe:2.3:a:google:chrome:5.0.372.0
  • Google Chrome 5.0.373.0
    cpe:2.3:a:google:chrome:5.0.373.0
  • cpe:2.3:a:google:chrome:5.0.374.0
  • Google Chrome 5.0.375.0
    cpe:2.3:a:google:chrome:5.0.375.0
  • cpe:2.3:a:google:chrome:5.0.375.1
  • cpe:2.3:a:google:chrome:5.0.375.84
  • cpe:2.3:a:google:chrome:5.0.375.85
  • Google Chrome 5.0.375.86
    cpe:2.3:a:google:chrome:5.0.375.86
  • Google Chrome 5.0.375.87
    cpe:2.3:a:google:chrome:5.0.375.87
  • Google Chrome 5.0.375.80
    cpe:2.3:a:google:chrome:5.0.375.80
  • Google Chrome 5.0.375.81
    cpe:2.3:a:google:chrome:5.0.375.81
  • cpe:2.3:a:google:chrome:5.0.375.82
  • cpe:2.3:a:google:chrome:5.0.375.83
  • Google Chrome 5.0.375.76
    cpe:2.3:a:google:chrome:5.0.375.76
  • Google Chrome 5.0.375.77
    cpe:2.3:a:google:chrome:5.0.375.77
  • Google Chrome 5.0.375.78
    cpe:2.3:a:google:chrome:5.0.375.78
  • cpe:2.3:a:google:chrome:5.0.375.79
  • cpe:2.3:a:google:chrome:5.0.375.72
  • cpe:2.3:a:google:chrome:5.0.375.73
  • cpe:2.3:a:google:chrome:5.0.375.74
  • cpe:2.3:a:google:chrome:5.0.375.75
  • Google Chrome 5.0.375.54
    cpe:2.3:a:google:chrome:5.0.375.54
  • cpe:2.3:a:google:chrome:5.0.375.97
  • cpe:2.3:a:google:chrome:5.0.375.96
  • Google Chrome 5.0.375.99
    cpe:2.3:a:google:chrome:5.0.375.99
  • Google Chrome 5.0.375.98
    cpe:2.3:a:google:chrome:5.0.375.98
  • Google Chrome 5.0.375.93
    cpe:2.3:a:google:chrome:5.0.375.93
  • cpe:2.3:a:google:chrome:5.0.375.92
  • cpe:2.3:a:google:chrome:5.0.375.95
  • cpe:2.3:a:google:chrome:5.0.375.94
  • cpe:2.3:a:google:chrome:5.0.375.89
  • Google Chrome 5.0.375.88
    cpe:2.3:a:google:chrome:5.0.375.88
  • Google Chrome 5.0.375.91
    cpe:2.3:a:google:chrome:5.0.375.91
  • Google Chrome 5.0.375.90
    cpe:2.3:a:google:chrome:5.0.375.90
  • cpe:2.3:a:google:chrome:5.0.375.71
  • Google Chrome 5.0.375.50
    cpe:2.3:a:google:chrome:5.0.375.50
  • cpe:2.3:a:google:chrome:5.0.375.70
  • cpe:2.3:a:google:chrome:5.0.375.51
  • Google Chrome 5.0.375.52
    cpe:2.3:a:google:chrome:5.0.375.52
  • Google Chrome 5.0.375.53
    cpe:2.3:a:google:chrome:5.0.375.53
  • cpe:2.3:a:google:chrome:5.0.375.46
  • cpe:2.3:a:google:chrome:5.0.375.47
  • Google Chrome 5.0.375.48
    cpe:2.3:a:google:chrome:5.0.375.48
  • cpe:2.3:a:google:chrome:5.0.375.49
  • cpe:2.3:a:google:chrome:5.0.375.42
  • Google Chrome 5.0.375.43
    cpe:2.3:a:google:chrome:5.0.375.43
  • Google Chrome 5.0.375.44
    cpe:2.3:a:google:chrome:5.0.375.44
  • Google Chrome 5.0.375.45
    cpe:2.3:a:google:chrome:5.0.375.45
  • Google Chrome 5.0.375.39
    cpe:2.3:a:google:chrome:5.0.375.39
  • Google Chrome 5.0.375.40
    cpe:2.3:a:google:chrome:5.0.375.40
  • Google Chrome 5.0.375.41
    cpe:2.3:a:google:chrome:5.0.375.41
  • Google Chrome 5.0.375.8
    cpe:2.3:a:google:chrome:5.0.375.8
  • Google Chrome 5.0.375.7
    cpe:2.3:a:google:chrome:5.0.375.7
  • Google Chrome 5.0.375.6
    cpe:2.3:a:google:chrome:5.0.375.6
  • Google Chrome 5.0.375.5
    cpe:2.3:a:google:chrome:5.0.375.5
  • Google Chrome 5.0.375.9
    cpe:2.3:a:google:chrome:5.0.375.9
  • Google Chrome 5.0.375.16
    cpe:2.3:a:google:chrome:5.0.375.16
  • Google Chrome 5.0.375.20
    cpe:2.3:a:google:chrome:5.0.375.20
  • cpe:2.3:a:google:chrome:5.0.375.19
  • cpe:2.3:a:google:chrome:5.0.375.18
  • cpe:2.3:a:google:chrome:5.0.375.17
  • cpe:2.3:a:google:chrome:5.0.375.23
  • cpe:2.3:a:google:chrome:5.0.375.25
  • Google Chrome 5.0.375.21
    cpe:2.3:a:google:chrome:5.0.375.21
  • cpe:2.3:a:google:chrome:5.0.375.22
  • cpe:2.3:a:google:chrome:5.0.375.28
  • Google Chrome 5.0.375.29
    cpe:2.3:a:google:chrome:5.0.375.29
  • Google Chrome 5.0.375.26
    cpe:2.3:a:google:chrome:5.0.375.26
  • cpe:2.3:a:google:chrome:5.0.375.27
  • Google Chrome 5.0.375.32
    cpe:2.3:a:google:chrome:5.0.375.32
  • Google Chrome 5.0.375.33
    cpe:2.3:a:google:chrome:5.0.375.33
  • cpe:2.3:a:google:chrome:5.0.375.30
  • Google Chrome 5.0.375.31
    cpe:2.3:a:google:chrome:5.0.375.31
  • cpe:2.3:a:google:chrome:5.0.375.36
  • cpe:2.3:a:google:chrome:5.0.375.37
  • cpe:2.3:a:google:chrome:5.0.375.34
  • cpe:2.3:a:google:chrome:5.0.375.35
  • Google Chrome 5.0.375.65
    cpe:2.3:a:google:chrome:5.0.375.65
  • Google Chrome 5.0.375.66
    cpe:2.3:a:google:chrome:5.0.375.66
  • cpe:2.3:a:google:chrome:5.0.375.63
  • cpe:2.3:a:google:chrome:5.0.375.64
  • cpe:2.3:a:google:chrome:5.0.375.69
  • cpe:2.3:a:google:chrome:5.0.375.2
  • cpe:2.3:a:google:chrome:5.0.375.67
  • Google Chrome 5.0.375.3
    cpe:2.3:a:google:chrome:5.0.375.3
  • cpe:2.3:a:google:chrome:5.0.375.68
  • Google Chrome 5.0.375.4
    cpe:2.3:a:google:chrome:5.0.375.4
  • Google Chrome 5.0.375.60
    cpe:2.3:a:google:chrome:5.0.375.60
  • cpe:2.3:a:google:chrome:5.0.375.59
  • cpe:2.3:a:google:chrome:5.0.375.62
  • Google Chrome 5.0.375.61
    cpe:2.3:a:google:chrome:5.0.375.61
  • Google Chrome 5.0.375.56
    cpe:2.3:a:google:chrome:5.0.375.56
  • Google Chrome 5.0.375.55
    cpe:2.3:a:google:chrome:5.0.375.55
  • Google Chrome 5.0.375.58
    cpe:2.3:a:google:chrome:5.0.375.58
  • cpe:2.3:a:google:chrome:5.0.375.57
  • Google Chrome 5.0.381.0
    cpe:2.3:a:google:chrome:5.0.381.0
  • Google Chrome 5.0.380.0
    cpe:2.3:a:google:chrome:5.0.380.0
  • Google Chrome 5.0.382.3
    cpe:2.3:a:google:chrome:5.0.382.3
  • Google Chrome 5.0.382.0
    cpe:2.3:a:google:chrome:5.0.382.0
  • cpe:2.3:a:google:chrome:5.0.376.0
  • cpe:2.3:a:google:chrome:5.0.375.38
  • Google Chrome 5.0.379.0
    cpe:2.3:a:google:chrome:5.0.379.0
  • cpe:2.3:a:google:chrome:5.0.378.0
  • Google Chrome 5.0.384.0
    cpe:2.3:a:google:chrome:5.0.384.0
  • Google Chrome 5.0.383.0
    cpe:2.3:a:google:chrome:5.0.383.0
  • cpe:2.3:a:google:chrome:6.0.399.0
  • Google Chrome 6.0.400.0
    cpe:2.3:a:google:chrome:6.0.400.0
  • Google Chrome 6.0.401.0
    cpe:2.3:a:google:chrome:6.0.401.0
  • Google Chrome 6.0.405.0
    cpe:2.3:a:google:chrome:6.0.405.0
  • Google Chrome 6.0.404.2
    cpe:2.3:a:google:chrome:6.0.404.2
  • cpe:2.3:a:google:chrome:6.0.407.0
  • Google Chrome 6.0.406.0
    cpe:2.3:a:google:chrome:6.0.406.0
  • cpe:2.3:a:google:chrome:6.0.403.0
  • cpe:2.3:a:google:chrome:6.0.401.1
  • Google Chrome 6.0.404.1
    cpe:2.3:a:google:chrome:6.0.404.1
  • Google Chrome 6.0.404.0
    cpe:2.3:a:google:chrome:6.0.404.0
  • cpe:2.3:a:google:chrome:6.0.408.4
  • cpe:2.3:a:google:chrome:6.0.408.3
  • Google Chrome 6.0.408.6
    cpe:2.3:a:google:chrome:6.0.408.6
  • Google Chrome 6.0.408.5
    cpe:2.3:a:google:chrome:6.0.408.5
  • Google Chrome 6.0.408.10
    cpe:2.3:a:google:chrome:6.0.408.10
  • cpe:2.3:a:google:chrome:6.0.408.0
  • Google Chrome 6.0.408.2
    cpe:2.3:a:google:chrome:6.0.408.2
  • cpe:2.3:a:google:chrome:6.0.408.1
  • cpe:2.3:a:google:chrome:6.0.412.0
  • Google Chrome 6.0.413.0
    cpe:2.3:a:google:chrome:6.0.413.0
  • Google Chrome 6.0.410.0
    cpe:2.3:a:google:chrome:6.0.410.0
  • cpe:2.3:a:google:chrome:6.0.411.0
  • cpe:2.3:a:google:chrome:6.0.408.9
  • Google Chrome 6.0.409.0
    cpe:2.3:a:google:chrome:6.0.409.0
  • cpe:2.3:a:google:chrome:6.0.408.7
  • cpe:2.3:a:google:chrome:6.0.408.8
  • Google Chrome 6.0.418.0
    cpe:2.3:a:google:chrome:6.0.418.0
  • Google Chrome 6.0.418.1
    cpe:2.3:a:google:chrome:6.0.418.1
  • Google Chrome 6.0.416.1
    cpe:2.3:a:google:chrome:6.0.416.1
  • cpe:2.3:a:google:chrome:6.0.417.0
  • Google Chrome 6.0.415.1
    cpe:2.3:a:google:chrome:6.0.415.1
  • Google Chrome 6.0.416.0
    cpe:2.3:a:google:chrome:6.0.416.0
  • cpe:2.3:a:google:chrome:6.0.414.0
  • Google Chrome 6.0.415.0
    cpe:2.3:a:google:chrome:6.0.415.0
  • cpe:2.3:a:google:chrome:6.0.418.9
  • cpe:2.3:a:google:chrome:6.0.418.8
  • cpe:2.3:a:google:chrome:6.0.418.7
  • cpe:2.3:a:google:chrome:6.0.418.6
  • Google Chrome 6.0.418.5
    cpe:2.3:a:google:chrome:6.0.418.5
  • Google Chrome 6.0.418.4
    cpe:2.3:a:google:chrome:6.0.418.4
  • cpe:2.3:a:google:chrome:6.0.418.3
  • Google Chrome 6.0.418.2
    cpe:2.3:a:google:chrome:6.0.418.2
  • Google Chrome 6.0.427.0
    cpe:2.3:a:google:chrome:6.0.427.0
  • cpe:2.3:a:google:chrome:6.0.426.0
  • Google Chrome 6.0.425.0
    cpe:2.3:a:google:chrome:6.0.425.0
  • Google Chrome 6.0.424.0
    cpe:2.3:a:google:chrome:6.0.424.0
  • cpe:2.3:a:google:chrome:6.0.423.0
  • Google Chrome 6.0.422.0
    cpe:2.3:a:google:chrome:6.0.422.0
  • Google Chrome 6.0.421.0
    cpe:2.3:a:google:chrome:6.0.421.0
  • Google Chrome 6.0.419.0
    cpe:2.3:a:google:chrome:6.0.419.0
  • cpe:2.3:a:google:chrome:6.0.450.2
  • Google Chrome 6.0.450.3
    cpe:2.3:a:google:chrome:6.0.450.3
  • cpe:2.3:a:google:chrome:6.0.450.0
  • Google Chrome 6.0.450.1
    cpe:2.3:a:google:chrome:6.0.450.1
  • cpe:2.3:a:google:chrome:6.0.452.0
  • cpe:2.3:a:google:chrome:6.0.452.1
  • Google Chrome 6.0.450.4
    cpe:2.3:a:google:chrome:6.0.450.4
  • Google Chrome 6.0.451.0
    cpe:2.3:a:google:chrome:6.0.451.0
  • Google Chrome 6.0.445.1
    cpe:2.3:a:google:chrome:6.0.445.1
  • cpe:2.3:a:google:chrome:6.0.446.0
  • Google Chrome 6.0.444.0
    cpe:2.3:a:google:chrome:6.0.444.0
  • Google Chrome 6.0.445.0
    cpe:2.3:a:google:chrome:6.0.445.0
  • cpe:2.3:a:google:chrome:6.0.447.2
  • cpe:2.3:a:google:chrome:6.0.449.0
  • cpe:2.3:a:google:chrome:6.0.447.0
  • cpe:2.3:a:google:chrome:6.0.447.1
  • Google Chrome 6.0.437.3
    cpe:2.3:a:google:chrome:6.0.437.3
  • cpe:2.3:a:google:chrome:6.0.437.2
  • Google Chrome 6.0.437.1
    cpe:2.3:a:google:chrome:6.0.437.1
  • cpe:2.3:a:google:chrome:6.0.437.0
  • Google Chrome 6.0.443.0
    cpe:2.3:a:google:chrome:6.0.443.0
  • Google Chrome 6.0.441.0
    cpe:2.3:a:google:chrome:6.0.441.0
  • Google Chrome 6.0.440.0
    cpe:2.3:a:google:chrome:6.0.440.0
  • Google Chrome 6.0.438.0
    cpe:2.3:a:google:chrome:6.0.438.0
  • cpe:2.3:a:google:chrome:6.0.432.0
  • cpe:2.3:a:google:chrome:6.0.431.0
  • Google Chrome 6.0.430.0
    cpe:2.3:a:google:chrome:6.0.430.0
  • Google Chrome 6.0.428.0
    cpe:2.3:a:google:chrome:6.0.428.0
  • cpe:2.3:a:google:chrome:6.0.436.0
  • cpe:2.3:a:google:chrome:6.0.435.0
  • Google Chrome 6.0.434.0
    cpe:2.3:a:google:chrome:6.0.434.0
  • Google Chrome 6.0.433.0
    cpe:2.3:a:google:chrome:6.0.433.0
  • cpe:2.3:a:google:chrome:6.0.453.1
  • cpe:2.3:a:google:chrome:6.0.453.0
  • Google Chrome 5.0.390.0
    cpe:2.3:a:google:chrome:5.0.390.0
  • cpe:2.3:a:google:chrome:5.0.387.0
  • Google Chrome 5.0.392.0
    cpe:2.3:a:google:chrome:5.0.392.0
  • cpe:2.3:a:google:chrome:5.0.391.0
  • Google Chrome 5.0.386.0
    cpe:2.3:a:google:chrome:5.0.386.0
  • Google Chrome 5.0.385.0
    cpe:2.3:a:google:chrome:5.0.385.0
  • Google Chrome 6.0.397.0
    cpe:2.3:a:google:chrome:6.0.397.0
  • Google Chrome 6.0.398.0
    cpe:2.3:a:google:chrome:6.0.398.0
  • cpe:2.3:a:google:chrome:5.0.393.0
  • Google Chrome 5.0.394.0
    cpe:2.3:a:google:chrome:5.0.394.0
  • cpe:2.3:a:google:chrome:5.0.395.0
  • cpe:2.3:a:google:chrome:5.0.396.0
  • cpe:2.3:a:google:chrome:7.0.517.40
  • cpe:2.3:a:google:chrome:7.0.517.41
  • cpe:2.3:a:google:chrome:7.0.517.42
  • cpe:2.3:a:google:chrome:7.0.517.43
  • Google Chrome 7.0.517.44
    cpe:2.3:a:google:chrome:7.0.517.44
  • cpe:2.3:a:google:chrome:7.0.518.0
  • Google Chrome 7.0.519.0
    cpe:2.3:a:google:chrome:7.0.519.0
  • Google Chrome 7.0.520.0
    cpe:2.3:a:google:chrome:7.0.520.0
  • Google Chrome 7.0.521.0
    cpe:2.3:a:google:chrome:7.0.521.0
  • Google Chrome 7.0.522.0
    cpe:2.3:a:google:chrome:7.0.522.0
  • Google Chrome 7.0.524.0
    cpe:2.3:a:google:chrome:7.0.524.0
  • cpe:2.3:a:google:chrome:7.0.525.0
  • cpe:2.3:a:google:chrome:7.0.526.0
  • cpe:2.3:a:google:chrome:7.0.528.0
  • cpe:2.3:a:google:chrome:7.0.529.0
  • cpe:2.3:a:google:chrome:7.0.529.1
  • Google Chrome 7.0.5209.2
    cpe:2.3:a:google:chrome:7.0.529.2
  • cpe:2.3:a:google:chrome:7.0.530.0
  • cpe:2.3:a:google:chrome:7.0.531.0
  • Google Chrome 7.0.5231.1
    cpe:2.3:a:google:chrome:7.0.531.1
  • cpe:2.3:a:google:chrome:7.0.531.2
  • cpe:2.3:a:google:chrome:7.0.535.1
  • cpe:2.3:a:google:chrome:7.0.535.2
  • Google Chrome 7.0.536.0
    cpe:2.3:a:google:chrome:7.0.536.0
  • Google Chrome 7.0.536.1
    cpe:2.3:a:google:chrome:7.0.536.1
  • cpe:2.3:a:google:chrome:7.0.536.2
  • cpe:2.3:a:google:chrome:7.0.536.3
  • Google Chrome 7.0.536.4
    cpe:2.3:a:google:chrome:7.0.536.4
  • cpe:2.3:a:google:chrome:7.0.537.0
  • cpe:2.3:a:google:chrome:7.0.538.0
  • Google Chrome 7.0.539.0
    cpe:2.3:a:google:chrome:7.0.539.0
  • cpe:2.3:a:google:chrome:7.0.540.0
  • Google Chrome 7.0.541.0
    cpe:2.3:a:google:chrome:7.0.541.0
  • Google Chrome 7.0.542.0
    cpe:2.3:a:google:chrome:7.0.542.0
  • Google Chrome 7.0.544.0
    cpe:2.3:a:google:chrome:7.0.544.0
  • cpe:2.3:a:google:chrome:7.0.547.0
  • cpe:2.3:a:google:chrome:7.0.547.1
  • cpe:2.3:a:google:chrome:7.0.548.0
  • Google Chrome 8.0.549.0
    cpe:2.3:a:google:chrome:8.0.549.0
  • cpe:2.3:a:google:chrome:8.0.550.0
  • Google Chrome 8.0.551.0
    cpe:2.3:a:google:chrome:8.0.551.0
  • cpe:2.3:a:google:chrome:8.0.551.1
  • cpe:2.3:a:google:chrome:8.0.552.0
  • Google Chrome 8.0.552.1
    cpe:2.3:a:google:chrome:8.0.552.1
  • Google Chrome 8.0.552.10
    cpe:2.3:a:google:chrome:8.0.552.10
  • cpe:2.3:a:google:chrome:8.0.552.100
  • cpe:2.3:a:google:chrome:8.0.552.101
  • Google Chrome 8.0.552.102
    cpe:2.3:a:google:chrome:8.0.552.102
  • cpe:2.3:a:google:chrome:8.0.552.103
  • cpe:2.3:a:google:chrome:8.0.552.104
  • Google Chrome 8.0.552.105
    cpe:2.3:a:google:chrome:8.0.552.105
  • Google Chrome 8.0.552.11
    cpe:2.3:a:google:chrome:8.0.552.11
  • Google Chrome 8.0.552.12
    cpe:2.3:a:google:chrome:8.0.552.12
  • cpe:2.3:a:google:chrome:8.0.552.13
  • cpe:2.3:a:google:chrome:8.0.552.14
  • Google Chrome 8.0.552.15
    cpe:2.3:a:google:chrome:8.0.552.15
  • cpe:2.3:a:google:chrome:8.0.552.16
  • Google Chrome 8.0.552.17
    cpe:2.3:a:google:chrome:8.0.552.17
  • Google Chrome 8.0.552.18
    cpe:2.3:a:google:chrome:8.0.552.18
  • Google Chrome 8.0.552.19
    cpe:2.3:a:google:chrome:8.0.552.19
  • cpe:2.3:a:google:chrome:8.0.552.20
  • Google Chrome 8.0.552.2
    cpe:2.3:a:google:chrome:8.0.552.2
  • Google Chrome 8.0.552.200
    cpe:2.3:a:google:chrome:8.0.552.200
  • Google Chrome 8.0.552.201
    cpe:2.3:a:google:chrome:8.0.552.201
  • Google Chrome 8.0.552.202
    cpe:2.3:a:google:chrome:8.0.552.202
  • Google Chrome 8.0.552.203
    cpe:2.3:a:google:chrome:8.0.552.203
  • Google Chrome 8.0.552.204
    cpe:2.3:a:google:chrome:8.0.552.204
  • cpe:2.3:a:google:chrome:8.0.552.205
  • Google Chrome 8.0.552.206
    cpe:2.3:a:google:chrome:8.0.552.206
  • cpe:2.3:a:google:chrome:8.0.552.207
  • Google Chrome 8.0.552.208
    cpe:2.3:a:google:chrome:8.0.552.208
  • cpe:2.3:a:google:chrome:8.0.552.209
  • Google Chrome 8.0.552.21
    cpe:2.3:a:google:chrome:8.0.552.21
  • Google Chrome 8.0.552.210
    cpe:2.3:a:google:chrome:8.0.552.210
  • cpe:2.3:a:google:chrome:8.0.552.211
  • Google Chrome 8.0.552.212
    cpe:2.3:a:google:chrome:8.0.552.212
  • Google Chrome 8.0.552.213
    cpe:2.3:a:google:chrome:8.0.552.213
  • Google Chrome 8.0.552.214
    cpe:2.3:a:google:chrome:8.0.552.214
  • cpe:2.3:a:google:chrome:8.0.552.215
  • cpe:2.3:a:google:chrome:8.0.552.216
  • cpe:2.3:a:google:chrome:8.0.552.217
  • cpe:2.3:a:google:chrome:8.0.552.219
  • cpe:2.3:a:google:chrome:8.0.552.220
  • Google Chrome 8.0.552.221
    cpe:2.3:a:google:chrome:8.0.552.221
  • Google Chrome 8.0.552.223
    cpe:2.3:a:google:chrome:8.0.552.223
  • cpe:2.3:a:google:chrome:8.0.552.224
  • Google Chrome 8.0.552.225
    cpe:2.3:a:google:chrome:8.0.552.225
  • Google Chrome 8.0.552.226
    cpe:2.3:a:google:chrome:8.0.552.226
  • Google Chrome 8.0.552.227
    cpe:2.3:a:google:chrome:8.0.552.227
  • cpe:2.3:a:google:chrome:8.0.552.228
  • cpe:2.3:a:google:chrome:8.0.552.229
  • Google Chrome 8.0.552.23
    cpe:2.3:a:google:chrome:8.0.552.23
  • Google Chrome 8.0.552.230
    cpe:2.3:a:google:chrome:8.0.552.230
  • cpe:2.3:a:google:chrome:8.0.552.231
  • Google Chrome 8.0.552.232
    cpe:2.3:a:google:chrome:8.0.552.232
  • Google Chrome 8.0.552.233
    cpe:2.3:a:google:chrome:8.0.552.233
  • cpe:2.3:a:google:chrome:8.0.552.234
  • cpe:2.3:a:google:chrome:8.0.552.235
  • Google Chrome 8.0.552.237
    cpe:2.3:a:google:chrome:8.0.552.237
  • Google Chrome 8.0.552.24
    cpe:2.3:a:google:chrome:8.0.552.24
  • Google Chrome 8.0.552.25
    cpe:2.3:a:google:chrome:8.0.552.25
  • Google Chrome 8.0.552.26
    cpe:2.3:a:google:chrome:8.0.552.26
  • Google Chrome 8.0.552.27
    cpe:2.3:a:google:chrome:8.0.552.27
  • Google Chrome 8.0.552.28
    cpe:2.3:a:google:chrome:8.0.552.28
  • Google Chrome 8.0.552.29
    cpe:2.3:a:google:chrome:8.0.552.29
  • cpe:2.3:a:google:chrome:8.0.552.300
  • Google Chrome 8.0.552.301
    cpe:2.3:a:google:chrome:8.0.552.301
  • cpe:2.3:a:google:chrome:8.0.552.302
  • Google Chrome 8.0.552.304
    cpe:2.3:a:google:chrome:8.0.552.304
  • cpe:2.3:a:google:chrome:8.0.552.305
  • cpe:2.3:a:google:chrome:8.0.552.308
  • Google Chrome 8.0.552.309
    cpe:2.3:a:google:chrome:8.0.552.309
  • Google Chrome 8.0.552.310
    cpe:2.3:a:google:chrome:8.0.552.310
  • Google Chrome 8.0.552.311
    cpe:2.3:a:google:chrome:8.0.552.311
  • cpe:2.3:a:google:chrome:8.0.552.312
  • cpe:2.3:a:google:chrome:8.0.552.313
  • Google Chrome 8.0.552.315
    cpe:2.3:a:google:chrome:8.0.552.315
  • Google Chrome 8.0.552.316
    cpe:2.3:a:google:chrome:8.0.552.316
  • Google Chrome 8.0.552.317
    cpe:2.3:a:google:chrome:8.0.552.317
  • Google Chrome 8.0.552.318
    cpe:2.3:a:google:chrome:8.0.552.318
  • Google Chrome 8.0.552.319
    cpe:2.3:a:google:chrome:8.0.552.319
  • Google Chrome 8.0.552.320
    cpe:2.3:a:google:chrome:8.0.552.320
  • Google Chrome 8.0.552.321
    cpe:2.3:a:google:chrome:8.0.552.321
  • cpe:2.3:a:google:chrome:8.0.552.322
  • Google Chrome 8.0.552.323
    cpe:2.3:a:google:chrome:8.0.552.323
  • Google Chrome 8.0.552.324
    cpe:2.3:a:google:chrome:8.0.552.324
  • Google Chrome 8.0.552.325
    cpe:2.3:a:google:chrome:8.0.552.325
  • Google Chrome 8.0.552.326
    cpe:2.3:a:google:chrome:8.0.552.326
  • cpe:2.3:a:google:chrome:8.0.552.327
  • cpe:2.3:a:google:chrome:8.0.552.328
  • cpe:2.3:a:google:chrome:8.0.552.329
  • cpe:2.3:a:google:chrome:8.0.552.330
  • Google Chrome 8.0.552.331
    cpe:2.3:a:google:chrome:8.0.552.331
  • cpe:2.3:a:google:chrome:8.0.552.332
  • cpe:2.3:a:google:chrome:8.0.552.333
  • cpe:2.3:a:google:chrome:8.0.552.334
  • Google Chrome 8.0.552.335
    cpe:2.3:a:google:chrome:8.0.552.335
  • Google Chrome 8.0.552.336
    cpe:2.3:a:google:chrome:8.0.552.336
  • cpe:2.3:a:google:chrome:8.0.552.337
  • Google Chrome 8.0.552.338
    cpe:2.3:a:google:chrome:8.0.552.338
  • Google Chrome 8.0.552.339
    cpe:2.3:a:google:chrome:8.0.552.339
  • cpe:2.3:a:google:chrome:8.0.552.340
  • Google Chrome 8.0.552.341
    cpe:2.3:a:google:chrome:8.0.552.341
  • cpe:2.3:a:google:chrome:8.0.552.342
  • Google Chrome 8.0.552.343
    cpe:2.3:a:google:chrome:8.0.552.343
  • Google Chrome 8.0.552.344
    cpe:2.3:a:google:chrome:8.0.552.344
  • cpe:2.3:a:google:chrome:8.0.552.35
  • cpe:2.3:a:google:chrome:8.0.552.4
  • cpe:2.3:a:google:chrome:8.0.552.40
  • cpe:2.3:a:google:chrome:8.0.552.41
  • cpe:2.3:a:google:chrome:8.0.552.42
  • Google Chrome 8.0.552.43
    cpe:2.3:a:google:chrome:8.0.552.43
  • Google Chrome 8.0.552.44
    cpe:2.3:a:google:chrome:8.0.552.44
  • cpe:2.3:a:google:chrome:8.0.552.45
  • Google Chrome 8.0.552.47
    cpe:2.3:a:google:chrome:8.0.552.47
  • cpe:2.3:a:google:chrome:8.0.552.48
  • cpe:2.3:a:google:chrome:8.0.552.49
  • Google Chrome 8.0.552.5
    cpe:2.3:a:google:chrome:8.0.552.5
  • cpe:2.3:a:google:chrome:8.0.552.50
  • Google Chrome 8.0.552.51
    cpe:2.3:a:google:chrome:8.0.552.51
  • cpe:2.3:a:google:chrome:8.0.552.52
  • cpe:2.3:a:google:chrome:8.0.552.6
  • cpe:2.3:a:google:chrome:8.0.552.7
  • cpe:2.3:a:google:chrome:8.0.552.8
  • Google Chrome 8.0.552.9
    cpe:2.3:a:google:chrome:8.0.552.9
  • Google Chrome 8.0.553.0
    cpe:2.3:a:google:chrome:8.0.553.0
  • Google Chrome 8.0.554.0
    cpe:2.3:a:google:chrome:8.0.554.0
  • cpe:2.3:a:google:chrome:8.0.555.0
  • cpe:2.3:a:google:chrome:8.0.556.0
  • Google Chrome 8.0.557.0
    cpe:2.3:a:google:chrome:8.0.557.0
  • cpe:2.3:a:google:chrome:8.0.558.0
  • cpe:2.3:a:google:chrome:8.0.559.0
  • Google Chrome 8.0.560.0
    cpe:2.3:a:google:chrome:8.0.560.0
  • cpe:2.3:a:google:chrome:8.0.561.0
  • cpe:2.3:a:google:chrome:9.0.562.0
  • Google Chrome 9.0.563.0
    cpe:2.3:a:google:chrome:9.0.563.0
  • cpe:2.3:a:google:chrome:9.0.564.0
  • Google Chrome 9.0.565.0
    cpe:2.3:a:google:chrome:9.0.565.0
  • cpe:2.3:a:google:chrome:9.0.566.0
  • cpe:2.3:a:google:chrome:9.0.567.0
  • cpe:2.3:a:google:chrome:9.0.568.0
  • Google Chrome 9.0.569.0
    cpe:2.3:a:google:chrome:9.0.569.0
  • cpe:2.3:a:google:chrome:9.0.570.0
  • Google Chrome 9.0.570.1
    cpe:2.3:a:google:chrome:9.0.570.1
  • cpe:2.3:a:google:chrome:9.0.571.0
  • cpe:2.3:a:google:chrome:9.0.572.0
  • cpe:2.3:a:google:chrome:9.0.572.1
  • Google Chrome 9.0.573.0
    cpe:2.3:a:google:chrome:9.0.573.0
  • Google Chrome 9.0.574.0
    cpe:2.3:a:google:chrome:9.0.574.0
  • Google Chrome 9.0.575.0
    cpe:2.3:a:google:chrome:9.0.575.0
  • Google Chrome 9.0.576.0
    cpe:2.3:a:google:chrome:9.0.576.0
  • Google Chrome 9.0.577.0
    cpe:2.3:a:google:chrome:9.0.577.0
  • Google Chrome 9.0.578.0
    cpe:2.3:a:google:chrome:9.0.578.0
  • Google Chrome 9.0.579.0
    cpe:2.3:a:google:chrome:9.0.579.0
  • Google Chrome 9.0.580.0
    cpe:2.3:a:google:chrome:9.0.580.0
  • Google Chrome 9.0.581.0
    cpe:2.3:a:google:chrome:9.0.581.0
  • Google Chrome 9.0.582.0
    cpe:2.3:a:google:chrome:9.0.582.0
  • cpe:2.3:a:google:chrome:9.0.583.0
  • Google Chrome 9.0.584.0
    cpe:2.3:a:google:chrome:9.0.584.0
  • Google Chrome 9.0.585.0
    cpe:2.3:a:google:chrome:9.0.585.0
  • cpe:2.3:a:google:chrome:9.0.586.0
  • cpe:2.3:a:google:chrome:9.0.587.0
  • Google Chrome 9.0.587.1
    cpe:2.3:a:google:chrome:9.0.587.1
  • cpe:2.3:a:google:chrome:9.0.588.0
  • Google Chrome 9.0.589.0
    cpe:2.3:a:google:chrome:9.0.589.0
  • Google Chrome 9.0.590.0
    cpe:2.3:a:google:chrome:9.0.590.0
  • Google Chrome 9.0.591.0
    cpe:2.3:a:google:chrome:9.0.591.0
  • cpe:2.3:a:google:chrome:9.0.592.0
  • Google Chrome 9.0.593.0
    cpe:2.3:a:google:chrome:9.0.593.0
  • cpe:2.3:a:google:chrome:9.0.594.0
  • cpe:2.3:a:google:chrome:9.0.595.0
  • Google Chrome 9.0.596.0
    cpe:2.3:a:google:chrome:9.0.596.0
  • Google Chrome 9.0.597.0
    cpe:2.3:a:google:chrome:9.0.597.0
  • Google Chrome 9.0.597.1
    cpe:2.3:a:google:chrome:9.0.597.1
  • cpe:2.3:a:google:chrome:9.0.597.10
  • Google Chrome 9.0.597.11
    cpe:2.3:a:google:chrome:9.0.597.11
  • Google Chrome 9.0.597.12
    cpe:2.3:a:google:chrome:9.0.597.12
  • Google Chrome 9.0.597.14
    cpe:2.3:a:google:chrome:9.0.597.14
  • cpe:2.3:a:google:chrome:9.0.597.15
  • cpe:2.3:a:google:chrome:9.0.597.16
  • cpe:2.3:a:google:chrome:9.0.597.17
  • Google Chrome 9.0.597.18
    cpe:2.3:a:google:chrome:9.0.597.18
  • Google Chrome 9.0.597.19
    cpe:2.3:a:google:chrome:9.0.597.19
  • Google Chrome 9.0.597.2
    cpe:2.3:a:google:chrome:9.0.597.2
  • cpe:2.3:a:google:chrome:9.0.597.20
  • cpe:2.3:a:google:chrome:9.0.597.21
  • Google Chrome 9.0.597.22
    cpe:2.3:a:google:chrome:9.0.597.22
  • cpe:2.3:a:google:chrome:9.0.597.23
  • Google Chrome 9.0.597.24
    cpe:2.3:a:google:chrome:9.0.597.24
  • Google Chrome 9.0.597.25
    cpe:2.3:a:google:chrome:9.0.597.25
  • cpe:2.3:a:google:chrome:9.0.597.26
  • cpe:2.3:a:google:chrome:9.0.597.27
  • cpe:2.3:a:google:chrome:9.0.597.28
  • cpe:2.3:a:google:chrome:9.0.597.29
  • cpe:2.3:a:google:chrome:9.0.597.30
  • cpe:2.3:a:google:chrome:9.0.597.31
  • Google Chrome 9.0.597.32
    cpe:2.3:a:google:chrome:9.0.597.32
  • cpe:2.3:a:google:chrome:9.0.597.33
  • Google Chrome 9.0.597.34
    cpe:2.3:a:google:chrome:9.0.597.34
  • cpe:2.3:a:google:chrome:9.0.597.35
  • Google Chrome 9.0.597.36
    cpe:2.3:a:google:chrome:9.0.597.36
  • cpe:2.3:a:google:chrome:9.0.597.37
  • cpe:2.3:a:google:chrome:9.0.597.38
  • cpe:2.3:a:google:chrome:9.0.597.39
  • Google Chrome 9.0.597.4
    cpe:2.3:a:google:chrome:9.0.597.4
  • cpe:2.3:a:google:chrome:9.0.597.40
  • cpe:2.3:a:google:chrome:9.0.597.41
  • Google Chrome 9.0.597.42
    cpe:2.3:a:google:chrome:9.0.597.42
  • Google Chrome 9.0.597.44
    cpe:2.3:a:google:chrome:9.0.597.44
  • Google Chrome 9.0.597.45
    cpe:2.3:a:google:chrome:9.0.597.45
  • Google Chrome 9.0.597.46
    cpe:2.3:a:google:chrome:9.0.597.46
  • Google Chrome 9.0.597.47
    cpe:2.3:a:google:chrome:9.0.597.47
  • Google Chrome 9.0.597.5
    cpe:2.3:a:google:chrome:9.0.597.5
  • cpe:2.3:a:google:chrome:9.0.597.54
  • Google Chrome 9.0.597.55
    cpe:2.3:a:google:chrome:9.0.597.55
  • cpe:2.3:a:google:chrome:9.0.597.56
  • cpe:2.3:a:google:chrome:9.0.597.57
  • Google Chrome 9.0.597.58
    cpe:2.3:a:google:chrome:9.0.597.58
  • Google Chrome 9.0.597.59
    cpe:2.3:a:google:chrome:9.0.597.59
  • cpe:2.3:a:google:chrome:9.0.597.60
  • Google Chrome 9.0.597.62
    cpe:2.3:a:google:chrome:9.0.597.62
  • cpe:2.3:a:google:chrome:9.0.597.63
  • cpe:2.3:a:google:chrome:9.0.597.64
  • cpe:2.3:a:google:chrome:9.0.597.65
  • Google Chrome 9.0.597.66
    cpe:2.3:a:google:chrome:9.0.597.66
  • cpe:2.3:a:google:chrome:9.0.597.67
  • cpe:2.3:a:google:chrome:9.0.597.68
  • Google Chrome 9.0.597.69
    cpe:2.3:a:google:chrome:9.0.597.69
  • cpe:2.3:a:google:chrome:9.0.597.7
  • Google Chrome 9.0.597.70
    cpe:2.3:a:google:chrome:9.0.597.70
  • cpe:2.3:a:google:chrome:9.0.597.71
  • cpe:2.3:a:google:chrome:9.0.597.72
  • Google Chrome 9.0.597.73
    cpe:2.3:a:google:chrome:9.0.597.73
  • Google Chrome 9.0.597.74
    cpe:2.3:a:google:chrome:9.0.597.74
  • cpe:2.3:a:google:chrome:9.0.597.75
  • Google Chrome 9.0.597.76
    cpe:2.3:a:google:chrome:9.0.597.76
  • Google Chrome 9.0.597.77
    cpe:2.3:a:google:chrome:9.0.597.77
  • Google Chrome 9.0.597.78
    cpe:2.3:a:google:chrome:9.0.597.78
  • Google Chrome 9.0.597.79
    cpe:2.3:a:google:chrome:9.0.597.79
  • Google Chrome 9.0.597.8
    cpe:2.3:a:google:chrome:9.0.597.8
  • Google Chrome 9.0.597.80
    cpe:2.3:a:google:chrome:9.0.597.80
  • Google Chrome 9.0.597.81
    cpe:2.3:a:google:chrome:9.0.597.81
  • cpe:2.3:a:google:chrome:9.0.597.82
  • cpe:2.3:a:google:chrome:9.0.597.83
  • cpe:2.3:a:google:chrome:9.0.597.84
  • Google Chrome 9.0.597.85
    cpe:2.3:a:google:chrome:9.0.597.85
  • Google Chrome 9.0.597.86
    cpe:2.3:a:google:chrome:9.0.597.86
  • cpe:2.3:a:google:chrome:9.0.597.88
  • cpe:2.3:a:google:chrome:9.0.597.9
  • cpe:2.3:a:google:chrome:9.0.597.90
  • Google Chrome 9.0.597.92
    cpe:2.3:a:google:chrome:9.0.597.92
  • Google Chrome 9.0.597.94
    cpe:2.3:a:google:chrome:9.0.597.94
  • cpe:2.3:a:google:chrome:9.0.597.96
  • Google Chrome 9.0.597.97
    cpe:2.3:a:google:chrome:9.0.597.97
  • cpe:2.3:a:google:chrome:9.0.597.98
  • cpe:2.3:a:google:chrome:9.0.597.99
  • Google Chrome 9.0.597.100
    cpe:2.3:a:google:chrome:9.0.597.100
  • Google Chrome 9.0.597.101
    cpe:2.3:a:google:chrome:9.0.597.101
  • Google Chrome 9.0.597.102
    cpe:2.3:a:google:chrome:9.0.597.102
  • cpe:2.3:a:google:chrome:9.0.597.107
  • Google Chrome 9.0.597.106
    cpe:2.3:a:google:chrome:9.0.597.106
  • cpe:2.3:a:google:chrome:9.0.598.0
  • Google Chrome 9.0.599.0
    cpe:2.3:a:google:chrome:9.0.599.0
  • Google Chrome 9.0.600.0
    cpe:2.3:a:google:chrome:9.0.600.0
  • cpe:2.3:a:google:chrome:10.0.648.126
  • Google Chrome 10.0.601.0
    cpe:2.3:a:google:chrome:10.0.601.0
  • Google Chrome 10.0.602.0
    cpe:2.3:a:google:chrome:10.0.602.0
  • Google Chrome 10.0.603.0
    cpe:2.3:a:google:chrome:10.0.603.0
  • Google Chrome 10.0.603.2
    cpe:2.3:a:google:chrome:10.0.603.2
  • cpe:2.3:a:google:chrome:10.0.603.3
  • cpe:2.3:a:google:chrome:10.0.604.0
  • Google Chrome 10.0.605.0
    cpe:2.3:a:google:chrome:10.0.605.0
  • Google Chrome 10.0.606.0
    cpe:2.3:a:google:chrome:10.0.606.0
  • Google Chrome 10.0.607.0
    cpe:2.3:a:google:chrome:10.0.607.0
  • cpe:2.3:a:google:chrome:10.0.608.0
  • cpe:2.3:a:google:chrome:10.0.609.0
  • Google Chrome 10.0.610.0
    cpe:2.3:a:google:chrome:10.0.610.0
  • cpe:2.3:a:google:chrome:10.0.611.0
  • Google Chrome 10.0.611.1
    cpe:2.3:a:google:chrome:10.0.611.1
  • cpe:2.3:a:google:chrome:10.0.612.0
  • cpe:2.3:a:google:chrome:10.0.612.1
  • cpe:2.3:a:google:chrome:10.0.612.2
  • Google Chrome 10.0.612.3
    cpe:2.3:a:google:chrome:10.0.612.3
  • cpe:2.3:a:google:chrome:10.0.613.0
  • cpe:2.3:a:google:chrome:10.0.614.0
  • cpe:2.3:a:google:chrome:10.0.615.0
  • Google Chrome 10.0.616.0
    cpe:2.3:a:google:chrome:10.0.616.0
  • Google Chrome 10.0.617.0
    cpe:2.3:a:google:chrome:10.0.617.0
  • cpe:2.3:a:google:chrome:10.0.618.0
  • Google Chrome 10.0.619.0
    cpe:2.3:a:google:chrome:10.0.619.0
  • Google Chrome 10.0.620.0
    cpe:2.3:a:google:chrome:10.0.620.0
  • cpe:2.3:a:google:chrome:10.0.621.0
  • Google Chrome 10.0.622.0
    cpe:2.3:a:google:chrome:10.0.622.0
  • Google Chrome 10.0.622.1
    cpe:2.3:a:google:chrome:10.0.622.1
  • cpe:2.3:a:google:chrome:10.0.623.0
  • Google Chrome 10.0.624.0
    cpe:2.3:a:google:chrome:10.0.624.0
  • Google Chrome 10.0.625.0
    cpe:2.3:a:google:chrome:10.0.625.0
  • cpe:2.3:a:google:chrome:10.0.626.0
  • cpe:2.3:a:google:chrome:10.0.627.0
  • Google Chrome 10.0.628.0
    cpe:2.3:a:google:chrome:10.0.628.0
  • cpe:2.3:a:google:chrome:10.0.629.0
  • Google Chrome 10.0.630.0
    cpe:2.3:a:google:chrome:10.0.630.0
  • cpe:2.3:a:google:chrome:10.0.631.0
  • Google Chrome 10.0.632.0
    cpe:2.3:a:google:chrome:10.0.632.0
  • cpe:2.3:a:google:chrome:10.0.633.0
  • cpe:2.3:a:google:chrome:10.0.634.0
  • Google Chrome 10.0.634.1
    cpe:2.3:a:google:chrome:10.0.634.1
  • Google Chrome 10.0.635.0
    cpe:2.3:a:google:chrome:10.0.635.0
  • Google Chrome 10.0.636.0
    cpe:2.3:a:google:chrome:10.0.636.0
  • Google Chrome 10.0.638.0
    cpe:2.3:a:google:chrome:10.0.638.0
  • cpe:2.3:a:google:chrome:10.0.638.1
  • Google Chrome 10.0.639.0
    cpe:2.3:a:google:chrome:10.0.639.0
  • Google Chrome 10.0.640.0
    cpe:2.3:a:google:chrome:10.0.640.0
  • cpe:2.3:a:google:chrome:10.0.642.0
  • Google Chrome 10.0.642.1
    cpe:2.3:a:google:chrome:10.0.642.1
  • Google Chrome 10.0.642.2
    cpe:2.3:a:google:chrome:10.0.642.2
  • Google Chrome 10.0.643.0
    cpe:2.3:a:google:chrome:10.0.643.0
  • cpe:2.3:a:google:chrome:10.0.644.0
  • cpe:2.3:a:google:chrome:10.0.645.0
  • Google Chrome 10.0.646.0
    cpe:2.3:a:google:chrome:10.0.646.0
  • cpe:2.3:a:google:chrome:10.0.647.0
  • Google Chrome 10.0.648.0
    cpe:2.3:a:google:chrome:10.0.648.0
  • cpe:2.3:a:google:chrome:10.0.648.1
  • Google Chrome 10.0.648.10
    cpe:2.3:a:google:chrome:10.0.648.10
  • cpe:2.3:a:google:chrome:10.0.648.101
  • Google Chrome 10.0.648.103
    cpe:2.3:a:google:chrome:10.0.648.103
  • cpe:2.3:a:google:chrome:10.0.648.105
  • Google Chrome 10.0.648.107
    cpe:2.3:a:google:chrome:10.0.648.107
  • cpe:2.3:a:google:chrome:10.0.648.11
  • cpe:2.3:a:google:chrome:10.0.648.114
  • Google Chrome 10.0.648.116
    cpe:2.3:a:google:chrome:10.0.648.116
  • Google Chrome 10.0.648.118
    cpe:2.3:a:google:chrome:10.0.648.118
  • Google Chrome 10.0.648.119
    cpe:2.3:a:google:chrome:10.0.648.119
  • cpe:2.3:a:google:chrome:10.0.648.12
  • cpe:2.3:a:google:chrome:10.0.648.120
  • cpe:2.3:a:google:chrome:10.0.648.121
  • cpe:2.3:a:google:chrome:10.0.648.122
  • cpe:2.3:a:google:chrome:10.0.648.123
  • cpe:2.3:a:google:chrome:10.0.648.124
  • cpe:2.3:a:google:chrome:10.0.648.125
CVSS
Base: 5.0 (as of 11-03-2011 - 16:30)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_MOZILLAFIREFOX-110429.NASL
    description Mozilla Firefox was updated to the 4.0.1 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developers Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, and Ted Mielczarek reported memory safety issues which affected Firefox 4. (CVE-2011-0079) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) MFSA 2011-17 / CVE-2011-0068: Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues. Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms. Mozilla researcher Christoph Diehl reported a potentially exploitable buffer overflow in the WebGLES library Yuri Ko reported a potentially exploitable overwrite in the WebGLES library to the Chrome Secuity Team. We thank them for coordinating with us on this fix. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75944
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75944
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-4457)
  • NASL family Windows
    NASL id GOOGLE_CHROME_10_0_648_127.NASL
    description The version of Google Chrome installed on the remote host is earlier than 10.0.648.127. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to navigate or close the top location in a sandboxed frame. (Issue #42574, #42765) - A cross-origin error message leak exists. (Issue #69187) - A memory corruption issue exists with counter nodes. (Issue #69628) - An unspecified issue exists with stale nodes in box layout. (Issue #70027) - A cross-origin error message leak exists with workers. (Issue #70336) - A use-after-free error exists with DOM URL handling. (Issue #70442) - A same origin policy bypass exists in v8. (Issue #70877) - It may be possible to bypass the pop-up blocker. (Issue #70885, #71167) - A use-after-free error exists in document script lifetime handling. (Issue #71763) - An out-of-bounds write issue exists in the OGG container. (Issue #71788) - A stale pointer exists in table painting. (Issue #72028) - A corrupt out-of-bounds structure may be used in video code. (Issue #73026) - It may be possible to crash the application with the DataView object. (Issue #73066) - A bad cast exists in text rendering. (Issue #73134) - A stale pointer exists in the WebKit context code. (Issue #73196) - It may be possible for heap addresses to leak in XSLT. (Issue #73716) - A stale pointer exists with SVG cursors. (Issue #73746) - It is possible for the DOM tree to be corrupted with attribute handling. (Issue #74030) - An unspecified corruption exists via re-entrancy of RegExp code. (Issue #74662) - An invalid memory access exists in v8. (Issue #74675)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52589
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52589
    title Google Chrome < 10.0.648.127 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER191-7493.NASL
    description Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) - Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 53650
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53650
    title SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7493)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and 'LD_TRACE_LOADED_OBJECTS' checks that allow arbitrary code execution. This issue is disputed by the creators of glibc. (CVE-2009-5064) - An integer signedness error exists in the elf_get_dynamic_info() function in elf/dynamic-link.h that allows arbitrary code execution. (CVE-2010-0830) - An error exists in the glibc library in the addmntent() function that allows a corruption of the '/etc/mtab' file. (CVE-2011-1089) - An error exists in the libxslt library in the xsltGenerateIdFunction() function that allows the disclosure of sensitive information. (CVE-2011-1202) - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - An out-of-bounds read error exists in the libxslt library in the xsltCompilePatternInternal() function that allows a denial of service. (CVE-2011-3970) - An error exists in the glibc library in the svc_run() function that allows a denial of service. (CVE-2011-4609) - An overflow error exists in the glibc library in the printf() function related to 'nargs' parsing that allows arbitrary code execution. (CVE-2012-0864) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - Multiple type-confusion errors exist in the 'IS_XSLT_ELEM' macro and the xsltApplyTemplates() function that allow a denial of service or the disclosure of sensitive information. (CVE-2012-2825, CVE-2012-2871) - A use-after-free error exists in the libxslt library in the xsltGenerateIdFunction() function that allows a denial of service or arbitrary code execution. (CVE-2012-2870) - Multiple format string error exist in glibc that allow arbitrary code execution. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) - Multiple overflow errors exist in the glibc functions strtod(), strtof(), strtold(), and strtod_l() that allow arbitrary code execution. (CVE-2012-3480) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - An arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. (CVE-2013-5973)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70886
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70886
    title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0471.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077) A flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075) A flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0074) A flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073) A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072) A directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox. (CVE-2011-0071) A double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070) A flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0069) A flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information. (CVE-2011-0067) Two use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0066, CVE-2011-0065) A flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53598
    published 2011-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53598
    title CentOS 4 / 5 : firefox (CESA-2011:0471)
  • NASL family Windows
    NASL id SEAMONKEY_2014.NASL
    description The installed version of SeaMonkey is earlier than 2.0.14. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073) - An error exists in the handling of Java applets that could allow sensitive form history data to be accessed. (CVE-2011-0067) - An error in the resource protocol could allow directory traversal. (CVE-2011-0071) - Multiple memory safety issues could lead to application crashes and possibly remote code execution. (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080) - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 53597
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53597
    title SeaMonkey < 2.0.14 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-7490.NASL
    description Mozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076) - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. (MFSA 2011-16 / CVE-2011-0071) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 57148
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57148
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7490)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLA-XULRUNNER191-110429.NASL
    description Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 53779
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53779
    title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLA-XULRUNNER191-7492.NASL
    description Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 57228
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57228
    title SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0471.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077) A flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075) A flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0074) A flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073) A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072) A directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox. (CVE-2011-0071) A double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070) A flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0069) A flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information. (CVE-2011-0067) Two use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0066, CVE-2011-0065) A flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 53580
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53580
    title RHEL 4 / 5 / 6 : firefox (RHSA-2011:0471)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLA-XULRUNNER191-110429.NASL
    description Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) - Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 53648
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53648
    title SuSE 11.1 Security Update : Mozilla-XULrunner (SAT Patch Number 4461)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_401.NASL
    description The installed version of Firefox 4.0 is earlier than 4.0.1. As such, it is potentially affected by the following security issues : - A buffer overflow exists in the WebGLES library. Additionally, the Windows version was not compiled with ASLR enabled. (CVE-2011-0068) - Multiple memory safety issues can lead to application crashes and possibly remote code execution. (CVE-2011-0069, CVE-2011-0070, CVE-2011-0079, CVE-2011-0081) - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 53595
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53595
    title Firefox 4.0 < 4.0.1 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1122-2.NASL
    description USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066) It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073) Paul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067) Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071) Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55081
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55081
    title Ubuntu 11.04 : thunderbird vulnerabilities (USN-1122-2)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3617.NASL
    description The installed version of Firefox 3.6 is earlier than 3.6.17. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073) - An error exists in the handling of Java applets that can allow sensitive form history data to be accessed. (CVE-2011-0067) - An error in the resource protocol can allow directory traversal. (CVE-2011-0071) - Multiple memory safety issues can lead to application crashes and possibly remote code execution. (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081) - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 53594
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53594
    title Firefox 3.6 < 3.6.17 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1123-1.NASL
    description A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55083
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55083
    title Ubuntu 9.10 : Multiple Xulrunner 1.9.1 vulnerabilities (USN-1123-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2013-0001.NASL
    description a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 64642
    published 2013-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64642
    title VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1265.NASL
    description Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62090
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62090
    title RHEL 5 / 6 : libxslt (RHSA-2012:1265)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1122-1.NASL
    description It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066) It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073) Paul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067) Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071) Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55080
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55080
    title Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1122-1)
  • NASL family Misc.
    NASL id VMWARE_ESX_VMSA-2013-0001_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 89661
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89661
    title VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14048.NASL
    description Lot of security fixes and a few other bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62326
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62326
    title Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-14083.NASL
    description Lot of security fixes and a few other bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62328
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62328
    title Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1595-1.NASL
    description Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202) It was discovered that libxslt incorrectly parsed certain patterns. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2011-3970) Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2825) Nicholas Gregoire discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service. (CVE-2012-2870) Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2871) Cris Neckar discovered that libxslt incorrectly managed memory. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service, or possibly execute arbitrary code. (CVE-2012-2893). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62435
    published 2012-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62435
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-15716.NASL
    description Fix a default namespace regression in 1.1.27 Upstream new release also including a number of security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63195
    published 2012-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63195
    title Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-123.NASL
    description A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825 , CVE-2012-2870 , CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69613
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69613
    title Amazon Linux AMI : libxslt (ALAS-2012-123)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXSLT_20140114_2.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. (CVE-2011-1202) - The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. (CVE-2012-2825) - libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. (CVE-2012-2870) - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. (CVE-2012-2871) - Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. (CVE-2012-2893)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80695
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80695
    title Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-164.NASL
    description Multiple vulnerabilities has been discovered and corrected in libxslt : Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202). libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c (CVE-2012-2870). libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h (CVE-2012-2871). Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms (CVE-2012-2893). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 62504
    published 2012-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62504
    title Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1265.NASL
    description From Red Hat Security Advisory 2012:1265 : Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68622
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68622
    title Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MOZILLA-XULRUNNER191-110429.NASL
    description Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75675
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75675
    title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1122-3.NASL
    description USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0081) It was discovered that Thunderbird incorrectly handled certain JavaScript requests. If JavaScript were enabled, an attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Thunderbird's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0065, CVE-2011-0066) It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker sending a specially crafted E-Mail could exploit this to possibly run arbitrary code as the user running Thunderbird. (CVE-2011-0073) Paul Stone discovered a vulnerability in the handling of Java applets. If plugins were enabled, an attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067) Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Thunderbird. (CVE-2011-0071) Chris Evans discovered a vulnerability in Thunderbird's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55082
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55082
    title Ubuntu 11.04 : thunderbird regression (USN-1122-3)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110428_FIREFOX_ON_SL4_X.NASL
    description Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077) A flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075) A flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0074) A flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073) A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072) A directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox. (CVE-2011-0071) A double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070) A flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0069) A flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information. (CVE-2011-0067) Two use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0066, CVE-2011-0065) A flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61025
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61025
    title Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_3519.NASL
    description The installed version of Firefox is earlier than 3.5.19. Such versions are potentially affected by the following security issues : - Multiple use-after-free errors exist in the handling of the object attributes 'mChannel', 'mObserverList' and 'nsTreeRange'. (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073) - An error exists in the handling of Java applets that can allow sensitive form history data to be accessed. (CVE-2011-0067) - An error in the resource protocol can allow a directory traversal attack. (CVE-2011-0071) - Multiple memory safety issues can lead to application crashes and possibly remote code execution. (CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080) - An information disclosure vulnerability exists in the 'xsltGenerateIdFunction' function in the included libxslt library. (CVE-2011-1202)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 53593
    published 2011-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53593
    title Firefox < 3.5.19 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0471.NASL
    description From Red Hat Security Advisory 2011:0471 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0080, CVE-2011-0081) An arbitrary memory write flaw was found in the way Firefox handled out-of-memory conditions. If all memory was consumed when a user visited a malicious web page, it could possibly lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0078) An integer overflow flaw was found in the way Firefox handled the HTML frameset tag. A web page with a frameset tag containing large values for the 'rows' and 'cols' attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0077) A flaw was found in the way Firefox handled the HTML iframe tag. A web page with an iframe tag containing a specially crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-0075) A flaw was found in the way Firefox displayed multiple marquee elements. A malformed HTML document could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0074) A flaw was found in the way Firefox handled the nsTreeSelection element. Malformed content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0073) A use-after-free flaw was found in the way Firefox appended frame and iframe elements to a DOM tree when the NoScript add-on was enabled. Malicious HTML content could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0072) A directory traversal flaw was found in the Firefox resource:// protocol handler. Malicious content could cause Firefox to access arbitrary files accessible to the user running Firefox. (CVE-2011-0071) A double free flaw was found in the way Firefox handled 'application/http-index-format' documents. A malformed HTTP response could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0070) A flaw was found in the way Firefox handled certain JavaScript cross-domain requests. If malicious content generated a large number of cross-domain JavaScript requests, it could cause Firefox to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0069) A flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information. (CVE-2011-0067) Two use-after-free flaws were found in the Firefox mObserverList and mChannel objects. Malicious content could use these flaws to execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0066, CVE-2011-0065) A flaw was found in the Firefox XSLT generate-id() function. This function returned the memory address of an object in memory, which could possibly be used by attackers to bypass address randomization protections. (CVE-2011-1202) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.17. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.17, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68261
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68261
    title Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-0471)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_MOZILLAFIREFOX-110429.NASL
    description Mozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. MFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. MFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 53772
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53772
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-110429.NASL
    description Mozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) - The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076) - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. (MFSA 2011-16 / CVE-2011-0071) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 53647
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53647
    title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 4463)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-7491.NASL
    description Mozilla Firefox was updated to the 3.6.17 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits. (MFSA 2011-12) Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6. (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 / CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 / CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) - Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. (MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073) - Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA 2011-14 / CVE-2011-0067) - David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. (MFSA 2011-15 / CVE-2011-0076) - Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. (MFSA 2011-16 / CVE-2011-0071) - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. (MFSA 2011-18 / CVE-2011-1202)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 53649
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53649
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7491)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_MOZILLA-JS192-110429.NASL
    description Mozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. MFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. MFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75956
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75956
    title openSUSE Security Update : mozilla-js192 (mozilla-js192-4460)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1121-1.NASL
    description Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0079) It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081) It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070) Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55079
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55079
    title Ubuntu 11.04 : Firefox vulnerabilities (USN-1121-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1112-1.NASL
    description It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0081) It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0069) Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0070) Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman discovered several memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0080) Aki Helin discovered multiple vulnerabilities in the HTML rendering code. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0074, CVE-2011-0075) Ian Beer discovered multiple overflow vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0077, CVE-2011-0078) Martin Barbella discovered a memory vulnerability in the handling of certain DOM elements. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0072) It was discovered that there were use-after-free vulnerabilities in Firefox's mChannel and mObserverList objects. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. (CVE-2011-0065, CVE-2011-0066) It was discovered that there was a vulnerability in the handling of the nsTreeSelection element. An attacker serving malicious content could exploit this to possibly run arbitrary code as the user running Firefox. (CVE-2011-0073) Paul Stone discovered a vulnerability in the handling of Java applets. An attacker could use this to mimic interaction with form autocomplete controls and steal entries from the form history. (CVE-2011-0067) Soroush Dalili discovered a vulnerability in the resource: protocol. This could potentially allow an attacker to load arbitrary files that were accessible to the user running Firefox. (CVE-2011-0071) Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable. (CVE-2011-1202). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55070
    published 2011-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55070
    title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-1112-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1265.NASL
    description Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All libxslt users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62085
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62085
    title CentOS 5 / 6 : libxslt (CESA-2012:1265)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120913_LIBXSLT_ON_SL5_X.NASL
    description A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2871) Several denial of service flaws were found in libxslt. An attacker could use these flaws to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash. (CVE-2012-2825, CVE-2012-2870, CVE-2011-3970) An information leak could occur if an application using libxslt processed an untrusted XPath expression, or used a malicious XSL file to perform an XSL transformation. If combined with other flaws, this leak could possibly help an attacker bypass intended memory corruption protections. (CVE-2011-1202) All running applications linked against libxslt must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62107
    published 2012-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62107
    title Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MOZILLAFIREFOX-110429.NASL
    description Mozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Credits Mozilla developer Scoobidiver reported a memory safety issue which affected Firefox 4 and Firefox 3.6 (CVE-2011-0081) The web development team of Alcidion reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0069) Ian Beer reported a crash that affected Firefox 4, Firefox 3.6 and Firefox 3.5. (CVE-2011-0070) Mozilla developers Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0080) Aki Helin reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0074 , CVE-2011-0075) Ian Beer reported memory safety issues which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0077 , CVE-2011-0078) Martin Barbella reported a memory safety issue which affected Firefox 3.6 and Firefox 3.5. (CVE-2011-0072) MFSA 2011-13 / CVE-2011-0065 / CVE-2011-0066 / CVE-2011-0073: Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative. MFSA 2011-14 / CVE-2011-0067: Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. MFSA 2011-15 / CVE-2011-0076: David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system. MFSA 2011-16 / CVE-2011-0071: Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed. MFSA 2011-18 / CVE-2011-1202: Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 75652
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75652
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-079.NASL
    description Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system (CVE-2011-1202). Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071). David Remahl of Apple Product Security reported that the Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a user's system (CVE-2011-0076). Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history (CVE-2011-0067). Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073). Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072). Additionally the sqlite3 packages were upgraded to the 3.7.6.2 version. A new package that provides /usr/bin/lemon was added. The lemon software was previousely provided with sqlite3 and is used in some cases when building php. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 53616
    published 2011-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53616
    title Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)
oval via4
accepted 2014-04-07T04:00:59.552-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization DTCC
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
  • comment Google Chrome is installed
    oval oval:org.mitre.oval:def:11914
description The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
family windows
id oval:org.mitre.oval:def:14244
status accepted
submitted 2011-11-25T18:12:22.000-05:00
title The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
version 52
redhat via4
advisories
bugzilla
id 700677
title CVE-2011-0080 Mozilla memory safety issue (MFSA 2011-12)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment firefox is earlier than 0:3.6.17-2.el4
      oval oval:com.redhat.rhsa:tst:20110471002
    • comment firefox is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060733003
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment firefox is earlier than 0:3.6.17-1.el6_0
          oval oval:com.redhat.rhsa:tst:20110471008
        • comment firefox is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100861010
      • AND
        • comment xulrunner is earlier than 0:1.9.2.17-4.el6_0
          oval oval:com.redhat.rhsa:tst:20110471010
        • comment xulrunner is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100861006
      • AND
        • comment xulrunner-devel is earlier than 0:1.9.2.17-4.el6_0
          oval oval:com.redhat.rhsa:tst:20110471012
        • comment xulrunner-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100861008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment firefox is earlier than 0:3.6.17-1.el5_6
          oval oval:com.redhat.rhsa:tst:20110471015
        • comment firefox is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070097009
      • AND
        • comment xulrunner is earlier than 0:1.9.2.17-3.el5_6
          oval oval:com.redhat.rhsa:tst:20110471017
        • comment xulrunner is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569003
      • AND
        • comment xulrunner-devel is earlier than 0:1.9.2.17-3.el5_6
          oval oval:com.redhat.rhsa:tst:20110471019
        • comment xulrunner-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080569005
rhsa
id RHSA-2011:0471
released 2011-04-28
severity Critical
title RHSA-2011:0471: firefox security update (Critical)
rpms
  • firefox-0:3.6.17-2.el4
  • firefox-0:3.6.17-1.el6_0
  • xulrunner-0:1.9.2.17-4.el6_0
  • xulrunner-devel-0:1.9.2.17-4.el6_0
  • firefox-0:3.6.17-1.el5_6
  • xulrunner-0:1.9.2.17-3.el5_6
  • xulrunner-devel-0:1.9.2.17-3.el5_6
  • libxslt-0:1.1.17-4.el5_8.3
  • libxslt-devel-0:1.1.17-4.el5_8.3
  • libxslt-python-0:1.1.17-4.el5_8.3
  • libxslt-0:1.1.26-2.el6_3.1
  • libxslt-devel-0:1.1.26-2.el6_3.1
  • libxslt-python-0:1.1.26-2.el6_3.1
refmap via4
bid 46785
confirm
mandriva
  • MDVSA-2011:079
  • MDVSA-2012:164
misc http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
vupen ADV-2011-0628
xf google-xslt-info-disclosure(65966)
vmware via4
description The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues.
id VMSA-2013-0001
last_updated 2013-05-30T00:00:00
published 2013-01-31T00:00:00
title Update to ESX service console libxslt package
Last major update 06-01-2017 - 21:59
Published 10-03-2011 - 21:01
Last modified 18-09-2017 - 21:32
Back to Top