ID CVE-2012-1937
Summary Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
Vulnerable Configurations
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.3
    cpe:2.3:a:mozilla:seamonkey:2.3
  • Mozilla SeaMonkey 2.3 Beta1
    cpe:2.3:a:mozilla:seamonkey:2.3:beta1
  • Mozilla SeaMonkey 2.3 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.3:beta2
  • Mozilla SeaMonkey 2.3 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.3:beta3
  • Mozilla SeaMonkey 2.3.1
    cpe:2.3:a:mozilla:seamonkey:2.3.1
  • Mozilla SeaMonkey 2.3.2
    cpe:2.3:a:mozilla:seamonkey:2.3.2
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla SeaMonkey 2.4
    cpe:2.3:a:mozilla:seamonkey:2.4
  • Mozilla SeaMonkey 2.4 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.4:beta1
  • Mozilla SeaMonkey 2.4 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.4:beta2
  • Mozilla SeaMonkey 2.4 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.4:beta3
  • Mozilla SeaMonkey 2.4.1
    cpe:2.3:a:mozilla:seamonkey:2.4.1
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
  • Mozilla SeaMonkey 2.5 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.5:beta1
  • Mozilla SeaMonkey 2.5 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.5:beta2
  • Mozilla SeaMonkey 2.5 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.5:beta3
  • Mozilla SeaMonkey 2.5 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.5:beta4
  • Mozilla SeaMonkey 2.6
    cpe:2.3:a:mozilla:seamonkey:2.6
  • Mozilla SeaMonkey 2.6 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.6:beta1
  • Mozilla SeaMonkey 2.6 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.6:beta2
  • Mozilla SeaMonkey 2.6 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.6:beta3
  • Mozilla SeaMonkey 2.6 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.6:beta4
  • Mozilla SeaMonkey 2.6.1
    cpe:2.3:a:mozilla:seamonkey:2.6.1
  • Mozilla SeaMonkey 2.7
    cpe:2.3:a:mozilla:seamonkey:2.7
  • Mozilla SeaMonkey 2.7 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.7:beta1
  • Mozilla SeaMonkey 2.7 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.7:beta2
  • Mozilla SeaMonkey 2.7 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.7:beta3
  • Mozilla SeaMonkey 2.7 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.7:beta4
  • Mozilla SeaMonkey 2.7 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.7:beta5
  • Mozilla SeaMonkey 2.7.1
    cpe:2.3:a:mozilla:seamonkey:2.7.1
  • Mozilla SeaMonkey 2.7.2
    cpe:2.3:a:mozilla:seamonkey:2.7.2
  • Mozilla SeaMonkey 2.8
    cpe:2.3:a:mozilla:seamonkey:2.8
  • Mozilla SeaMonkey 2.8 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.8:beta1
  • Mozilla SeaMonkey 2.8 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.8:beta2
  • Mozilla SeaMonkey 2.8 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.8:beta3
  • Mozilla SeaMonkey 2.8 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.8:beta4
  • Mozilla SeaMonkey 2.8 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.8:beta5
  • Mozilla SeaMonkey 2.8 Beta 6
    cpe:2.3:a:mozilla:seamonkey:2.8:beta6
  • Mozilla SeaMonkey 2.9
    cpe:2.3:a:mozilla:seamonkey:2.9
  • Mozilla SeaMonkey 2.9 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.9:beta1
  • Mozilla SeaMonkey 2.9 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.9:beta2
  • Mozilla SeaMonkey 2.9 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.9:beta3
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:thunderbird_esr:10.0
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.3
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.4
CVSS
Base: 9.3 (as of 06-06-2012 - 10:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2489.NASL
    description Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey. - CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. - CVE-2012-1947 Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conversion, allowing to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59767
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59767
    title Debian DSA-2489-1 : iceape - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2488.NASL
    description Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. - CVE-2012-1947 Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conversion, allowing to execute arbitrary code. Note: We'd like to advise users of Iceweasel's 3.5 branch in Debian stable to consider to upgrade to the Iceweasel 10.0 ESR (Extended Support Release) which is now available in Debian Backports. Although Debian will continue to support Iceweasel 3.5 in stable with security updates, this can only be done on a best effort base as upstream provides no such support anymore. On top of that, the 10.0 branch adds proactive security features to the browser.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59766
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59766
    title Debian DSA-2488-1 : iceweasel - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2499.NASL
    description Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939 ) and a use-after-free issue (CVE-2012-1940 ).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59777
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59777
    title Debian DSA-2499-1 : icedove - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Windows
    NASL id SEAMONKEY_210.NASL
    description The installed version of SeaMonkey is earlier than 2.10.0. Such versions are potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946) - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 59411
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59411
    title SeaMonkey < 2.10.0 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0715.NASL
    description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening content from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. Note: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.5 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59392
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59392
    title RHEL 5 / 6 : thunderbird (RHSA-2012:0715)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1463-4.NASL
    description USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. (CVE-2011-3101) Adam Barth discovered that certain inline event handlers were not being blocked properly by the Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-1944) Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba share could load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. An attacker could potentially use this vulnerability to show the contents of these linked files or directories in an iframe, resulting in information disclosure. (CVE-2012-1945) Arthur Gerkis discovered a use-after-free vulnerability while replacing/inserting a node in a document. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1946) Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0441) Abhishek Arya discovered two buffer overflow and one use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59654
    published 2012-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59654
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1463-4)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0710.NASL
    description From Red Hat Security Advisory 2012:0710 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application's intended restrictions, if that application relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted HTML files that are stored on a Microsoft Windows share, or a Samba share, loading such files with Firefox could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening HTML files from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.5 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 68535
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68535
    title Oracle Linux 5 / 6 : firefox (ELSA-2012-0710)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_13_0.NASL
    description The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946) - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59405
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59405
    title Thunderbird < 13.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_10_0_5.NASL
    description The installed version of Firefox is earlier than 10.0.5 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59404
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59404
    title Firefox < 10.0.5 Multiple Vulnerabilities (Mac OS X)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0715.NASL
    description From Red Hat Security Advisory 2012:0715 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening content from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. Note: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.5 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68536
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68536
    title Oracle Linux 6 : thunderbird (ELSA-2012-0715)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1463-6.NASL
    description USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. (CVE-2011-3101) Adam Barth discovered that certain inline event handlers were not being blocked properly by the Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-1944) Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba share could load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. An attacker could potentially use this vulnerability to show the contents of these linked files or directories in an iframe, resulting in information disclosure. (CVE-2012-1945) Arthur Gerkis discovered a use-after-free vulnerability while replacing/inserting a node in a document. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1946) Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0441) Abhishek Arya discovered two buffer overflow and one use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59725
    published 2012-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59725
    title Ubuntu 11.04 : thunderbird vulnerabilities (USN-1463-6)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_10_0_5.NASL
    description The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59406
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59406
    title Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_13_0.NASL
    description The installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946) - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 59403
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59403
    title Firefox < 13.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-8189.NASL
    description MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938) Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939) Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937) Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101) - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. (MFSA 2012-35) Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory. (CVE-2012-1943) - Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944). (MFSA 2012-36) - Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. (MFSA 2012-37) This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945) - Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946). (MFSA 2012-38) - Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441). (MFSA 2012-39) - Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. (MFSA 2012-40) Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild. (CVE-2012-1940) Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position. (CVE-2012-1941) More information on security issues can be found on: http://www.mozilla.org/security/announce/
    last seen 2019-02-21
    modified 2013-06-29
    plugin id 59520
    published 2012-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59520
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BFECF7C1AF4711E195804061862B8C22.NASL
    description The Mozilla Project reports : MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node in a document MFSA 2012-39 NSS parsing errors with zero length items MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 59381
    published 2012-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59381
    title FreeBSD : mozilla -- multiple vulnerabilities (bfecf7c1-af47-11e1-9580-4061862b8c22)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0710.NASL
    description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application's intended restrictions, if that application relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted HTML files that are stored on a Microsoft Windows share, or a Samba share, loading such files with Firefox could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening HTML files from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.5 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59383
    published 2012-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59383
    title RHEL 5 / 6 : firefox (RHSA-2012:0710)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1005.NASL
    description The installed version of Firefox 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59408
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59408
    title Firefox 10.0.x < 10.0.5 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_130.NASL
    description The installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946) - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59407
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59407
    title Firefox < 13.0 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1463-3.NASL
    description USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. (CVE-2011-3101) Adam Barth discovered that certain inline event handlers were not being blocked properly by the Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-1944) Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba share could load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. An attacker could potentially use this vulnerability to show the contents of these linked files or directories in an iframe, resulting in information disclosure. (CVE-2012-1945) Arthur Gerkis discovered a use-after-free vulnerability while replacing/inserting a node in a document. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1946) Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0441) Abhishek Arya discovered two buffer overflow and one use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59640
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59640
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regressions (USN-1463-3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-120611.NASL
    description Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938) Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939) Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937) Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101) - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. (MFSA 2012-35) Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory. (CVE-2012-1943) - Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944). (MFSA 2012-36) - Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. (MFSA 2012-37) This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945) - Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946). (MFSA 2012-38) - Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441). (MFSA 2012-39) - Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. (MFSA 2012-40) Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild. (CVE-2012-1940) Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position. (CVE-2012-1941) More information on security issues can be found on: http://www.mozilla.org/security/announce/
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64208
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64208
    title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1463-1.NASL
    description Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. (CVE-2011-3101) Adam Barth discovered that certain inline event handlers were not being blocked properly by the Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-1944) Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba share could load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. An attacker could potentially use this vulnerability to show the contents of these linked files or directories in an iframe, resulting in information disclosure. (CVE-2012-1945) Arthur Gerkis discovered a use-after-free vulnerability while replacing/inserting a node in a document. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1946) Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0441) Abhishek Arya discovered two buffer overflow and one use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59394
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59394
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1463-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0715.NASL
    description An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening content from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. Note: None of the issues in this advisory can be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.5 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59412
    published 2012-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59412
    title CentOS 5 / 6 : thunderbird (CESA-2012:0715)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-333.NASL
    description Changes in MozillaFirefox : - update to Firefox 13.0 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) - fix build on arm - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) Changes in MozillaThunderbird : - update to Thunderbird 13.0 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix build with system NSPR (mozilla-system-nspr.patch) - add dependentlibs.list for improved XRE startup - update enigmail to 1.4.2 - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) - update to Thunderbird 12.0.1 - fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using 'Fetch Headers Only' (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) - fixed build with gcc 4.7 Changes in seamonkey : - update to SeaMonkey 2.10 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - requires NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - update to SeaMonkey 2.9.1 - fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using 'Fetch Headers Only' (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432) - fixed build with gcc 4.7 Changes in mozilla-nss : - update to 3.13.5 RTM - update to 3.13.4 RTM - fixed some bugs - fixed cert verification regression in PKIX mode (bmo#737802) introduced in 3.13.2 Changes in xulrunner : - update to 13.0 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - reenabled crashreporter for Factory/12.2 (fixed in mozilla-gcc47.patch)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74655
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74655
    title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_130.NASL
    description The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946) - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59409
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59409
    title Mozilla Thunderbird < 13.0 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1005.NASL
    description The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 59410
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59410
    title Mozilla Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0710.NASL
    description Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application's intended restrictions, if that application relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted HTML files that are stored on a Microsoft Windows share, or a Samba share, loading such files with Firefox could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim's system. This issue also affected users opening HTML files from Microsoft Windows shares, or Samba shares, that are mounted on their systems. (CVE-2012-1945) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ken Russell of Google as the original reporter of CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters of CVE-2012-1938; Christian Holler as the original reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947; security researcher Arthur Gerkis as the original reporter of CVE-2012-1946; security researcher Adam Barth as the original reporter of CVE-2012-1944; and security researcher Paul Stone as the original reporter of CVE-2012-1945. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.5 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59388
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59388
    title CentOS 5 / 6 : firefox (CESA-2012:0710)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-088.NASL
    description Security issues were identified and fixed in mozilla firefox and thunderbird : Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure (CVE-2012-1947) Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column (CVE-2012-1940). Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns (CVE-2012-1941). Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node (CVE-2012-1946). Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba (CVE-2012-1945). The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document (CVE-2012-1944). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components (CVE-2012-1938). jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code (CVE-2012-1939). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-1937). Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5 (CVE-2011-3101). The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response (CVE-2012-0441). NOTE: This flaw was addressed earlier with the MDVA-2012:036 advisory. The mozilla firefox and thunderbird packages has been upgraded to the latest respective versions which is unaffected by these security flaws. Additionally the NSPR and the NSS packages has been upgraded to the latest versions which resolves various upstream bugs.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 59681
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59681
    title Mandriva Linux Security Advisory : mozilla (MDVSA-2012:088-1)
oval via4
accepted 2014-10-06T04:02:31.624-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
family windows
id oval:org.mitre.oval:def:17055
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
version 35
redhat via4
advisories
  • rhsa
    id RHSA-2012:0710
  • rhsa
    id RHSA-2012:0715
rpms
  • xulrunner-0:10.0.5-1.el6_2
  • xulrunner-devel-0:10.0.5-1.el6_2
  • firefox-0:10.0.5-1.el6_2
  • xulrunner-0:10.0.5-1.el5_8
  • xulrunner-devel-0:10.0.5-1.el5_8
  • firefox-0:10.0.5-1.el5_8
  • thunderbird-0:10.0.5-2.el6_2
  • thunderbird-0:10.0.5-2.el5_8
refmap via4
confirm
debian
  • DSA-2488
  • DSA-2489
  • DSA-2499
mandriva MDVSA-2012:088
suse
  • SUSE-SU-2012:0746
  • openSUSE-SU-2012:0760
Last major update 02-11-2013 - 23:23
Published 05-06-2012 - 19:55
Last modified 04-01-2018 - 21:29
Back to Top