ID CVE-2013-0746
Summary Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
References
Vulnerable Configurations
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 17.0.1
    cpe:2.3:a:mozilla:firefox:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:firefox_esr:10.0.5
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.0.9
    cpe:2.3:a:mozilla:firefox_esr:10.0.9
  • Mozilla Firefox Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:firefox_esr:10.0.7
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla Firefox Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:firefox_esr:10.0.8
  • Mozilla Firefox Extended Support Release (ESR) 10.0.11
    cpe:2.3:a:mozilla:firefox_esr:10.0.11
  • Mozilla Firefox Extended Support Release (ESR) 10.0.10
    cpe:2.3:a:mozilla:firefox_esr:10.0.10
  • Mozilla Firefox Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:firefox_esr:10.0.6
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.5
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:thunderbird_esr:10.0
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.3
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.4
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.9
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.9
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.8
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.7
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.11
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.11
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.10
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.10
  • Mozilla Thunderbird Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:thunderbird_esr:10.0.6
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:thunderbird_esr:17.0
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.1
  • Mozilla Seamonkey 2.15 beta4
    cpe:2.3:a:mozilla:seamonkey:2.15:beta4
  • Mozilla Seamonkey 2.15 beta3
    cpe:2.3:a:mozilla:seamonkey:2.15:beta3
  • Mozilla Seamonkey 2.15 beta2
    cpe:2.3:a:mozilla:seamonkey:2.15:beta2
  • Mozilla Seamonkey 2.15 beta1
    cpe:2.3:a:mozilla:seamonkey:2.15:beta1
  • Mozilla Seamonkey 2.15 beta5
    cpe:2.3:a:mozilla:seamonkey:2.15:beta5
  • Mozilla Seamonkey 2.15 beta6
    cpe:2.3:a:mozilla:seamonkey:2.15:beta6
  • cpe:2.3:a:mozilla:seamonkey:2.14.1
    cpe:2.3:a:mozilla:seamonkey:2.14.1
  • Mozilla Seamonkey 2.14 beta1
    cpe:2.3:a:mozilla:seamonkey:2.14:beta1
  • Mozilla Seamonkey 2.14 beta5
    cpe:2.3:a:mozilla:seamonkey:2.14:beta5
  • Mozilla Seamonkey 2.14 beta4
    cpe:2.3:a:mozilla:seamonkey:2.14:beta4
  • Mozilla Seamonkey 2.14 beta3
    cpe:2.3:a:mozilla:seamonkey:2.14:beta3
  • Mozilla Seamonkey 2.14 beta2
    cpe:2.3:a:mozilla:seamonkey:2.14:beta2
  • Mozilla Seamonkey 2.14
    cpe:2.3:a:mozilla:seamonkey:2.14
  • Mozilla SeaMonkey 2.13 beta1
    cpe:2.3:a:mozilla:seamonkey:2.13:beta1
  • Mozilla SeaMonkey 2.13 beta2
    cpe:2.3:a:mozilla:seamonkey:2.13:beta2
  • Mozilla SeaMonkey 2.13 beta3
    cpe:2.3:a:mozilla:seamonkey:2.13:beta3
  • Mozilla SeaMonkey 2.13 beta4
    cpe:2.3:a:mozilla:seamonkey:2.13:beta4
  • Mozilla SeaMonkey 2.13 beta5
    cpe:2.3:a:mozilla:seamonkey:2.13:beta5
  • Mozilla SeaMonkey 2.13 beta6
    cpe:2.3:a:mozilla:seamonkey:2.13:beta6
  • Mozilla SeaMonkey 2.13
    cpe:2.3:a:mozilla:seamonkey:2.13
  • Mozilla Seamonkey 2.13.2
    cpe:2.3:a:mozilla:seamonkey:2.13.2
  • Mozilla SeaMonkey 2.13.1
    cpe:2.3:a:mozilla:seamonkey:2.13.1
  • Mozilla SeaMonkey 2.12.1
    cpe:2.3:a:mozilla:seamonkey:2.12.1
  • Mozilla SeaMonkey 2.12 beta5
    cpe:2.3:a:mozilla:seamonkey:2.12:beta5
  • Mozilla SeaMonkey 2.12 beta6
    cpe:2.3:a:mozilla:seamonkey:2.12:beta6
  • Mozilla SeaMonkey 2.12 beta3
    cpe:2.3:a:mozilla:seamonkey:2.12:beta3
  • Mozilla SeaMonkey 2.12 beta4
    cpe:2.3:a:mozilla:seamonkey:2.12:beta4
  • Mozilla SeaMonkey 2.12 beta1
    cpe:2.3:a:mozilla:seamonkey:2.12:beta1
  • Mozilla SeaMonkey 2.12 beta2
    cpe:2.3:a:mozilla:seamonkey:2.12:beta2
  • Mozilla SeaMonkey 2.12
    cpe:2.3:a:mozilla:seamonkey:2.12
  • Mozilla SeaMonkey 2.11 beta4
    cpe:2.3:a:mozilla:seamonkey:2.11:beta4
  • Mozilla SeaMonkey 2.11 beta3
    cpe:2.3:a:mozilla:seamonkey:2.11:beta3
  • Mozilla SeaMonkey 2.11 beta2
    cpe:2.3:a:mozilla:seamonkey:2.11:beta2
  • Mozilla SeaMonkey 2.11 beta1
    cpe:2.3:a:mozilla:seamonkey:2.11:beta1
  • Mozilla SeaMonkey 2.11 beta6
    cpe:2.3:a:mozilla:seamonkey:2.11:beta6
  • Mozilla SeaMonkey 2.11 beta5
    cpe:2.3:a:mozilla:seamonkey:2.11:beta5
  • Mozilla SeaMonkey 2.11
    cpe:2.3:a:mozilla:seamonkey:2.11
  • Mozilla SeaMonkey 2.10
    cpe:2.3:a:mozilla:seamonkey:2.10
  • Mozilla SeaMonkey 2.10.1
    cpe:2.3:a:mozilla:seamonkey:2.10.1
  • Mozilla SeaMonkey 2.10 beta3
    cpe:2.3:a:mozilla:seamonkey:2.10:beta3
  • Mozilla SeaMonkey 2.10 beta2
    cpe:2.3:a:mozilla:seamonkey:2.10:beta2
  • Mozilla SeaMonkey 2.10 beta1
    cpe:2.3:a:mozilla:seamonkey:2.10:beta1
  • Mozilla SeaMonkey 2.9.1
    cpe:2.3:a:mozilla:seamonkey:2.9.1
  • Mozilla SeaMonkey 2.9 beta4
    cpe:2.3:a:mozilla:seamonkey:2.9:beta4
  • Mozilla SeaMonkey 2.9 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.9:beta2
  • Mozilla SeaMonkey 2.9 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.9:beta1
  • Mozilla SeaMonkey 2.9
    cpe:2.3:a:mozilla:seamonkey:2.9
  • Mozilla SeaMonkey 2.9 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.9:beta3
  • Mozilla SeaMonkey 2.8 Beta 6
    cpe:2.3:a:mozilla:seamonkey:2.8:beta6
  • Mozilla SeaMonkey 2.8
    cpe:2.3:a:mozilla:seamonkey:2.8
  • Mozilla SeaMonkey 2.8 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.8:beta1
  • Mozilla SeaMonkey 2.8 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.8:beta3
  • Mozilla SeaMonkey 2.8 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.8:beta2
  • Mozilla SeaMonkey 2.8 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.8:beta5
  • Mozilla SeaMonkey 2.8 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.8:beta4
  • Mozilla SeaMonkey 2.7.1
    cpe:2.3:a:mozilla:seamonkey:2.7.1
  • Mozilla SeaMonkey 2.7.2
    cpe:2.3:a:mozilla:seamonkey:2.7.2
  • Mozilla SeaMonkey 2.7 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.7:beta4
  • Mozilla SeaMonkey 2.7 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.7:beta5
  • Mozilla SeaMonkey 2.7 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.7:beta1
  • Mozilla SeaMonkey 2.7 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.7:beta2
  • Mozilla SeaMonkey 2.7 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.7:beta3
  • Mozilla SeaMonkey 2.7
    cpe:2.3:a:mozilla:seamonkey:2.7
  • Mozilla SeaMonkey 2.6 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.6:beta1
  • Mozilla SeaMonkey 2.6 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.6:beta2
  • Mozilla SeaMonkey 2.6 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.6:beta3
  • Mozilla SeaMonkey 2.6 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.6:beta4
  • Mozilla SeaMonkey 2.6
    cpe:2.3:a:mozilla:seamonkey:2.6
  • Mozilla SeaMonkey 2.6.1
    cpe:2.3:a:mozilla:seamonkey:2.6.1
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
  • Mozilla SeaMonkey 2.5 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.5:beta1
  • Mozilla SeaMonkey 2.5 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.5:beta3
  • Mozilla SeaMonkey 2.5 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.5:beta2
  • Mozilla SeaMonkey 2.5 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.5:beta4
  • Mozilla SeaMonkey 2.4
    cpe:2.3:a:mozilla:seamonkey:2.4
  • Mozilla SeaMonkey 2.4.1
    cpe:2.3:a:mozilla:seamonkey:2.4.1
  • Mozilla SeaMonkey 2.4 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.4:beta1
  • Mozilla SeaMonkey 2.4 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.4:beta3
  • Mozilla SeaMonkey 2.4 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.4:beta2
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla SeaMonkey 2.3 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.3:beta3
  • Mozilla SeaMonkey 2.3 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.3:beta2
  • Mozilla SeaMonkey 2.3.1
    cpe:2.3:a:mozilla:seamonkey:2.3.1
  • Mozilla SeaMonkey 2.3
    cpe:2.3:a:mozilla:seamonkey:2.3
  • Mozilla SeaMonkey 2.3.2
    cpe:2.3:a:mozilla:seamonkey:2.3.2
  • Mozilla SeaMonkey 2.3 Beta1
    cpe:2.3:a:mozilla:seamonkey:2.3:beta1
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
  • cpe:2.3:a:mozilla:seamonkey:2.0a1pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1pre
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
    cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
    cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
CVSS
Base: 9.3 (as of 14-01-2013 - 13:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70183
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70183
    title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_17_0_2.NASL
    description The installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 63544
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63544
    title Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_10_0_12.NASL
    description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0762, CVE-2013-0766, CVE-2013-0767) - An unspecified memory corruption issue exists. (CVE-2013-0769) Please note the 10.x ESR branch will no longer be supported as of 02/13/2013. Only the 17.x ESR branch will receive security updates after that date.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 63546
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63546
    title Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1702.NASL
    description The installed version of Firefox 17.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 63550
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63550
    title Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_10012.NASL
    description The installed version of Firefox 10.x is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768) Please note the 10.x ESR branch will no longer be supported as of 02/13/2013. Only the 17.x ESR branch will receive security updates after that date.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 63548
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63548
    title Firefox 10.x < 10.0.12 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0145.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63432
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63432
    title CentOS 5 / 6 : thunderbird (CESA-2013:0145)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201301-130110.NASL
    description Mozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) - Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) - Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749) - Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-02) The following issue was fixed in Firefox 18 : - Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar. (CVE-2013-0760) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12 : - Heap-use-after-free in imgRequest::OnStopFrame. (CVE-2013-0762) - Heap-use-after-free in ~nsHTMLEditRules. (CVE-2013-0766) - Out of bounds read in nsSVGPathElement::GetPathLengthScale. (CVE-2013-0767) The following issues were fixed in Firefox 18 and ESR 17.0.1 : - Heap-use-after-free in mozilla::TrackUnionStream::EndTrack. (CVE-2013-0761) - Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas. (CVE-2013-0763) - Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries. (CVE-2013-0771) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release : - Heap-buffer-overflow in nsWindow::OnExposeEvent. (CVE-2012-5829) - Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768). (MFSA 2013-03) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. - Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. (CVE-2013-0759). (MFSA 2013-04) - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. (CVE-2013-0744). (MFSA 2013-05) - Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751). (MFSA 2013-06) - Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764). (MFSA 2013-07) - Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some JavaScript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745). (MFSA 2013-08) - Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746). (MFSA 2013-09) - Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747). (MFSA 2013-10) - Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748). (MFSA 2013-11) - Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a JavaScript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750). (MFSA 2013-12) - Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752). (MFSA 2013-13) - Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757). (MFSA 2013-14) - Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758). (MFSA 2013-15) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753). (MFSA 2013-16) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754). (MFSA 2013-17) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755). (MFSA 2013-18) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in JavaScript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756). (MFSA 2013-19) - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743). (MFSA 2013-20)
    last seen 2019-02-21
    modified 2014-05-22
    plugin id 64136
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64136
    title SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)
  • NASL family Windows
    NASL id SEAMONKEY_215.NASL
    description The installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that can lead potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that can allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects can lead to address information leakage. (CVE-2013-0748) - An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes and can allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins can allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that can allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that can result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 63554
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63554
    title SeaMonkey < 2.15 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-17.NASL
    description The Mozilla January 8th 2013 security release contains updates : Mozilla Firefox was updated to version 18.0. Mozilla SeaMonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. - MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards - MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-20 13-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer - MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas - MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads - MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups - MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes - MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads - MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection - MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values - MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy - MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects - MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in JavaScript string concatenation - MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG - MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype - MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects - MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream - MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager - MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate - MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in JavaScript Proxy objects Mozilla NSPR was updated to 4.9.4, containing some small bugfixes and new features. Mozilla NSS was updated to 3.14.1 containing various new features, security fix and bugfixes : - MFSA 2013-20/CVE-2013-0743 (bmo#825022, bnc#796628) revoke mis-issued intermediate certificates from TURKTRUST Cryptographic changes done : - Support for TLS 1.1 (RFC 4346) - Experimental support for DTLS 1.0 (RFC 4347) and DTLS-SRTP (RFC 5764) - Support for AES-CTR, AES-CTS, and AES-GCM - Support for Keying Material Exporters for TLS (RFC 5705) - Support for certificate signatures using the MD5 hash algorithm is now disabled by default - The NSS license has changed to MPL 2.0. Previous releases were released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more information about MPL 2.0, please see http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation on GPL/LGPL compatibility, see security/nss/COPYING in the source code. - Export and DES cipher suites are disabled by default. Non-ECC AES and Triple DES cipher suites are enabled by default Please see http://www.mozilla.org/security/announce/ for more information.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 74918
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74918
    title openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0144.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 63445
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63445
    title RHEL 5 / 6 : firefox (RHSA-2013:0144)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0145.NASL
    description From Red Hat Security Advisory 2013:0145 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68708
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68708
    title Oracle Linux 6 : thunderbird (ELSA-2013-0145)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0144.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63431
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63431
    title CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A4ED66325AA911E28FCBC8600054B392.NASL
    description The Mozilla Project reports : MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer MFSA 2013-03 Buffer Overflow in Canvas MFSA 2013-04 URL spoofing in addressbar during page loads MFSA 2013-05 Use-after-free when displaying table with many columns and column groups MFSA 2013-06 Touch events are shared across iframes MFSA 2013-07 Crash due to handling of SSL on threads MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection MFSA 2013-09 Compartment mismatch with quickstubs returned values MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy MFSA 2013-11 Address space layout leaked in XBL objects MFSA 2013-12 Buffer overflow in JavaScript string concatenation MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype MFSA 2013-15 Privilege escalation through plugin objects MFSA 2013-16 Use-after-free in serializeToStream MFSA 2013-17 Use-after-free in ListenerManager MFSA 2013-18 Use-after-free in Vibrate MFSA 2013-19 Use-after-free in JavaScript Proxy objects MFSA 2013-20 Mis-issued TURKTRUST certificates
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 63463
    published 2013-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63463
    title FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_18_0.NASL
    description The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that can lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that can allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects can lead to address information leakage. (CVE-2013-0748) - An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes and can allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins can allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that can allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that can result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 63545
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63545
    title Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1681-3.NASL
    description USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770) Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829) A stack buffer was discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0768) Masato Kinugawa discovered that Firefox did not always properly display URL values in the address bar. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0759) Atte Kettunen discovered that Firefox did not properly handle HTML tables with a large number of columns and column groups. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0744) Jerry Baker discovered that Firefox did not always properly handle threading when performing downloads over SSL connections. An attacker could exploit this to cause a denial of service via application crash. (CVE-2013-0764) Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of Firefox. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746) Jesse Ruderman discovered a flaw in the way Firefox handled plugins. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to conduct clickjacking attacks. (CVE-2013-0747) Jesse Ruderman discovered an information leak in Firefox. An attacker could exploit this to reveal memory address layout which could help in bypassing ASLR protections. (CVE-2013-0748) An integer overflow was discovered in the JavaScript engine, leading to a heap-based buffer overflow. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0750) Sviatoslav Chagaev discovered that Firefox did not properly handle XBL files with multiple XML bindings with SVG content. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0752) Mariusz Mlynski discovered two flaws to gain access to privileged chrome functions. An attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758) Several use-after-free issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756) Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-0743). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63665
    published 2013-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63665
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1702.NASL
    description The installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 63553
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63553
    title Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130108_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 63471
    published 2013-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63471
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_180.NASL
    description The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that can lead potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that can allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects can lead to address information leakage. (CVE-2013-0748) - An unspecified memory corruption issue exists. (CVE-2013-0749, CVE-2013-0769, CVE-2013-0770) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes and can allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins can allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that can allow URL spoofing attacks. (CVE-2013-0759) - An error exists related to SSL and threading that can result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 63551
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63551
    title Firefox < 18.0 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FIREFOX-201301-8426.NASL
    description Mozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-01) o Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) o Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749) o Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-02) The following issue was fixed in Firefox 18 : o Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar. (CVE-2013-0760) The following issues were fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12 : o Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762) o Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766) o Out of bounds read in nsSVGPathElement::GetPathLengthScale. (CVE-2013-0767) The following issues were fixed in Firefox 18 and ESR 17.0.1 : o Heap-use-after-free in mozilla::TrackUnionStream::EndTrack (CVE-2013-0761) o Heap-use-after-free in Mesa, triggerable by resizing a WebGL canvas (CVE-2013-0763) o Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries. (CVE-2013-0771) The following issue was fixed in Firefox 18 and in the earlier ESR 10.0.11 release : o Heap-buffer-overflow in nsWindow::OnExposeEvent. (CVE-2012-5829) - Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768). (MFSA 2013-03) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. - Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. (CVE-2013-0759). (MFSA 2013-04) - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. (CVE-2013-0744). (MFSA 2013-05) - Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751). (MFSA 2013-06) - Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764). (MFSA 2013-07) - Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some JavaScript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745). (MFSA 2013-08) - Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746). (MFSA 2013-09) - Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747). (MFSA 2013-10) - Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748). (MFSA 2013-11) - Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a JavaScript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750). (MFSA 2013-12) - Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752). (MFSA 2013-13) - Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757). (MFSA 2013-14) - Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758). (MFSA 2013-15) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753). (MFSA 2013-16) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754). (MFSA 2013-17) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755). (MFSA 2013-18) - Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in JavaScript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756). (MFSA 2013-19) - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743). (MFSA 2013-20)
    last seen 2019-02-21
    modified 2014-05-22
    plugin id 63626
    published 2013-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63626
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_10012.NASL
    description The installed version of Thunderbird 10.x is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0762, CVE-2013-0766, CVE-2013-0767) - An unspecified memory corruption issue exists. (CVE-2013-0769) Please note the 10.x ESR branch will no longer be supported as of 02/13/2013. Only the 17.x ESR branch will receive security updates after that date.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 63552
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63552
    title Mozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_10_0_12.NASL
    description The installed version of Firefox is earlier than 10.0.12 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0762, CVE-2013-0766, CVE-2013-0767) - An unspecified memory corruption issue exists. (CVE-2013-0769) Please note the 10.x ESR branch will no longer be supported as of 02/13/2013. Only the 17.x ESR branch will receive security updates after that date.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 63542
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63542
    title Firefox < 10.0.12 Multiple Vulnerabilities (Mac OS X)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0144.NASL
    description From Red Hat Security Advisory 2013:0144 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox. (CVE-2013-0758) A flaw in the way Firefox displayed URL values in the address bar could allow a malicious site or user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Firefox. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 10.0.12 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68707
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68707
    title Oracle Linux 5 / 6 : firefox (ELSA-2013-0144)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130108_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug- ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 63472
    published 2013-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63472
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1681-2.NASL
    description USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770) Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829) A stack buffer was discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0768) Masato Kinugawa discovered that Firefox did not always properly display URL values in the address bar. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0759) Atte Kettunen discovered that Firefox did not properly handle HTML tables with a large number of columns and column groups. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0744) Jerry Baker discovered that Firefox did not always properly handle threading when performing downloads over SSL connections. An attacker could exploit this to cause a denial of service via application crash. (CVE-2013-0764) Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of Firefox. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746) Jesse Ruderman discovered a flaw in the way Firefox handled plugins. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to conduct clickjacking attacks. (CVE-2013-0747) Jesse Ruderman discovered an information leak in Firefox. An attacker could exploit this to reveal memory address layout which could help in bypassing ASLR protections. (CVE-2013-0748) An integer overflow was discovered in the JavaScript engine, leading to a heap-based buffer overflow. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0750) Sviatoslav Chagaev discovered that Firefox did not properly handle XBL files with multiple XML bindings with SVG content. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0752) Mariusz Mlynski discovered two flaws to gain access to privileged chrome functions. An attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758) Several use-after-free issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756) Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-0743). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63448
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63448
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1681-1.NASL
    description Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770) Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829) A stack buffer was discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0768) Masato Kinugawa discovered that Firefox did not always properly display URL values in the address bar. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0759) Atte Kettunen discovered that Firefox did not properly handle HTML tables with a large number of columns and column groups. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0744) Jerry Baker discovered that Firefox did not always properly handle threading when performing downloads over SSL connections. An attacker could exploit this to cause a denial of service via application crash. (CVE-2013-0764) Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of Firefox. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746) Jesse Ruderman discovered a flaw in the way Firefox handled plugins. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to conduct clickjacking attacks. (CVE-2013-0747) Jesse Ruderman discovered an information leak in Firefox. An attacker could exploit this to reveal memory address layout which could help in bypassing ASLR protections. (CVE-2013-0748) An integer overflow was discovered in the JavaScript engine, leading to a heap-based buffer overflow. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0750) Sviatoslav Chagaev discovered that Firefox did not properly handle XBL files with multiple XML bindings with SVG content. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0752) Mariusz Mlynski discovered two flaws to gain access to privileged chrome functions. An attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758) Several use-after-free issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756) Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-0743). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 63447
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63447
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_2.NASL
    description The installed version of Thunderbird is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tables with many columns and column groups. (CVE-2013-0744) - An error exists related to the 'AutoWrapperChanger' class that does not properly manage objects during garbage collection. (CVE-2012-0745) - An error exists related to 'jsval', 'quickstubs', and compartmental mismatches that could lead to potentially exploitable crashes. (CVE-2013-0746) - Errors exist related to events in the plugin handler that could allow same-origin policy bypass. (CVE-2013-0747) - An error related to the 'toString' method of XBL objects could lead to address information leakage. (CVE-2013-0748) - Unspecified memory corruption issues exist. (CVE-2013-0749, CVE-2013-0769) - A buffer overflow exists related to JavaScript string concatenation. (CVE-2013-0750) - An error exists related to multiple XML bindings with SVG content, contained in XBL files. (CVE-2013-0752) - A use-after-free error exists related to 'XMLSerializer' and 'serializeToStream'. (CVE-2013-0753) - A use-after-free error exists related to garbage collection and 'ListenManager'. (CVE-2013-0754) - A use-after-free error exists related to the 'Vibrate' library and 'domDoc'. (CVE-2013-0755) - A use-after-free error exists related to JavaScript 'Proxy' objects. (CVE-2013-0756) - 'Chrome Object Wrappers' (COW) can be bypassed by changing object prototypes, which could allow arbitrary code execution. (CVE-2013-0757) - An error related to SVG elements and plugins could allow privilege escalation. (CVE-2013-0758) - An error exists related to the address bar that could allow URL spoofing attacks. (CVE-2013-0759) - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. (CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771) - An error exists related to SSL and threading that could result in potentially exploitable crashes. (CVE-2013-0764) - An error exists related to 'Canvas' and bad height or width values passed to it from HTML. (CVE-2013-0768)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 63547
    published 2013-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63547
    title Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0145.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769) A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird. (CVE-2013-0758) A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack. (CVE-2013-0759) An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions. (CVE-2013-0748) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht, Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the original reporters of these issues. Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754 cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.12 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63446
    published 2013-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63446
    title RHEL 5 / 6 : thunderbird (RHSA-2013:0145)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-0306-1.NASL
    description Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa reported memory safety problems and crashes that affect Firefox ESR 10, Firefox ESR 17, and Firefox 17. (CVE-2013-0769) Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, and Scoobidiver reported memory safety problems and crashes that affect Firefox ESR 17 and Firefox 17. (CVE-2013-0749) Jesse Ruderman, Christian Holler, Julian Seward, and Scoobidiver reported memory safety problems and crashes that affect Firefox 17. (CVE-2013-0770) MFSA 2013-02: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. The following issue has been fixed in Firefox 18 : - Global-buffer-overflow in CharDistributionAnalysis::HandleOneChar (CVE-2013-0760) The following issues has been fixed in Firefox 18, ESR 17.0.1, and ESR 10.0.12 : - Heap-use-after-free in imgRequest::OnStopFrame (CVE-2013-0762) - Heap-use-after-free in ~nsHTMLEditRules (CVE-2013-0766) - Out of bounds read in nsSVGPathElement::GetPathLengthScale (CVE-2013-0763) - Heap-buffer-overflow in gfxTextRun::ShrinkToLigatureBoundaries (CVE-2013-0771) The following issue has been fixed in Firefox 18 and in the earlier ESR 10.0.11 release : - Heap-buffer-overflow in nsWindow::OnExposeEvent (CVE-2012-5829) MFSA 2013-03: Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash. (CVE-2013-0768) Miaubiz also found a potentially exploitable crash when 2D and 3D content was mixed which was introduced during Firefox development and fixed before general release. MFSA 2013-04: Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. (CVE-2013-0759) MFSA 2013-05: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash. (CVE-2013-0744) MFSA 2013-06: Mozilla developer Wesley Johnston reported that when there are two or more iframes on the same HTML page, an iframe is able to see the touch events and their targets that occur within the other iframes on the page. If the iframes are from the same origin, they can also access the properties and methods of the targets of other iframes but same-origin policy (SOP) restricts access across domains. This allows for information leakage and possibilities for cross-site scripting (XSS) if another vulnerability can be used to get around SOP restrictions. (CVE-2013-0751) MFSA 2013-07: Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when they can occur on a variety of threads. The resulting crash was potentially exploitable. (CVE-2013-0764) MFSA 2013-08: Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some JavaScript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution. (CVE-2013-0745) MFSA 2013-09: Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash. (CVE-2013-0746) MFSA 2013-10: Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages. (CVE-2013-0747) MFSA 2013-11: Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections. (CVE-2013-0748) MFSA 2013-12: Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a JavaScript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption. (CVE-2013-0750) MFSA 2013-13: Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash. (CVE-2013-0752) MFSA 2013-14: Security researcher Mariusz Mlynski reported that it is possible to change the prototype of an object and bypass Chrome Object Wrappers (COW) to gain access to chrome privileged functions. This could allow for arbitrary code execution. (CVE-2013-0757) MFSA 2013-15: Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution. (CVE-2013-0758) MFSA 2013-16: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. (CVE-2013-0753) MFSA 2013-17: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. (CVE-2013-0754) MFSA 2013-18: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free using the domDoc pointer within Vibrate library. This can lead to arbitrary code execution when exploited. (CVE-2013-0755) MFSA 2013-19: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a garbage collection flaw in JavaScript Proxy objects. This can lead to a use-after-free leading to arbitrary code execution. (CVE-2013-0756) MFSA 2013-20: Google reported to Mozilla that TURKTRUST, a certificate authority in Mozilla's root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. (CVE-2013-0743) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-19
    plugin id 83574
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83574
    title SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1681-4.NASL
    description USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. We apologize for the inconvenience. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0769, CVE-2013-0749, CVE-2013-0770) Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829) A stack buffer was discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0768) Masato Kinugawa discovered that Firefox did not always properly display URL values in the address bar. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0759) Atte Kettunen discovered that Firefox did not properly handle HTML tables with a large number of columns and column groups. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0744) Jerry Baker discovered that Firefox did not always properly handle threading when performing downloads over SSL connections. An attacker could exploit this to cause a denial of service via application crash. (CVE-2013-0764) Olli Pettay and Boris Zbarsky discovered flaws in the Javacript engine of Firefox. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0745, CVE-2013-0746) Jesse Ruderman discovered a flaw in the way Firefox handled plugins. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to conduct clickjacking attacks. (CVE-2013-0747) Jesse Ruderman discovered an information leak in Firefox. An attacker could exploit this to reveal memory address layout which could help in bypassing ASLR protections. (CVE-2013-0748) An integer overflow was discovered in the JavaScript engine, leading to a heap-based buffer overflow. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0750) Sviatoslav Chagaev discovered that Firefox did not properly handle XBL files with multiple XML bindings with SVG content. An attacker could cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0752) Mariusz Mlynski discovered two flaws to gain access to privileged chrome functions. An attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0757, CVE-2013-0758) Several use-after-free issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756) Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2013-0743). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64480
    published 2013-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64480
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)
oval via4
accepted 2014-10-06T04:01:56.765-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
family windows
id oval:org.mitre.oval:def:16570
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2013:0144
  • rhsa
    id RHSA-2013:0145
rpms
  • xulrunner-0:10.0.12-1.el6_3
  • xulrunner-devel-0:10.0.12-1.el6_3
  • firefox-0:10.0.12-1.el6_3
  • xulrunner-0:10.0.12-1.el5_9
  • xulrunner-devel-0:10.0.12-1.el5_9
  • firefox-0:10.0.12-1.el5_9
  • thunderbird-0:10.0.12-3.el6_3
  • thunderbird-0:10.0.12-3.el5_9
refmap via4
confirm
suse
  • SUSE-SU-2013:0048
  • SUSE-SU-2013:0049
  • openSUSE-SU-2013:0131
  • openSUSE-SU-2013:0149
ubuntu
  • USN-1681-1
  • USN-1681-2
  • USN-1681-4
Last major update 02-11-2013 - 23:30
Published 13-01-2013 - 15:55
Last modified 18-09-2017 - 21:35
Back to Top