ID CVE-2013-0780
Summary Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
References
Vulnerable Configurations
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 17.0
    cpe:2.3:a:mozilla:firefox:17.0
  • Mozilla Firefox 17.0.1
    cpe:2.3:a:mozilla:firefox:17.0.1
  • Mozilla Firefox 18.0.2
    cpe:2.3:a:mozilla:firefox:18.0.2
  • Mozilla Firefox 18.0
    cpe:2.3:a:mozilla:firefox:18.0
  • Mozilla Firefox 18.0.1
    cpe:2.3:a:mozilla:firefox:18.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:thunderbird_esr:17.0
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.1
  • Mozilla Seamonkey 2.15 beta4
    cpe:2.3:a:mozilla:seamonkey:2.15:beta4
  • Mozilla Seamonkey 2.15 beta3
    cpe:2.3:a:mozilla:seamonkey:2.15:beta3
  • Mozilla Seamonkey 2.15 beta2
    cpe:2.3:a:mozilla:seamonkey:2.15:beta2
  • Mozilla Seamonkey 2.15 beta1
    cpe:2.3:a:mozilla:seamonkey:2.15:beta1
  • Mozilla Seamonkey 2.15 beta5
    cpe:2.3:a:mozilla:seamonkey:2.15:beta5
  • cpe:2.3:a:mozilla:seamonkey:2.14.1
    cpe:2.3:a:mozilla:seamonkey:2.14.1
  • Mozilla Seamonkey 2.14 beta1
    cpe:2.3:a:mozilla:seamonkey:2.14:beta1
  • Mozilla Seamonkey 2.14 beta5
    cpe:2.3:a:mozilla:seamonkey:2.14:beta5
  • Mozilla Seamonkey 2.14 beta4
    cpe:2.3:a:mozilla:seamonkey:2.14:beta4
  • Mozilla Seamonkey 2.14 beta3
    cpe:2.3:a:mozilla:seamonkey:2.14:beta3
  • Mozilla Seamonkey 2.14 beta2
    cpe:2.3:a:mozilla:seamonkey:2.14:beta2
  • Mozilla Seamonkey 2.14
    cpe:2.3:a:mozilla:seamonkey:2.14
  • Mozilla SeaMonkey 2.13 beta1
    cpe:2.3:a:mozilla:seamonkey:2.13:beta1
  • Mozilla SeaMonkey 2.13 beta2
    cpe:2.3:a:mozilla:seamonkey:2.13:beta2
  • Mozilla SeaMonkey 2.13 beta3
    cpe:2.3:a:mozilla:seamonkey:2.13:beta3
  • Mozilla SeaMonkey 2.13 beta4
    cpe:2.3:a:mozilla:seamonkey:2.13:beta4
  • Mozilla SeaMonkey 2.13 beta5
    cpe:2.3:a:mozilla:seamonkey:2.13:beta5
  • Mozilla SeaMonkey 2.13 beta6
    cpe:2.3:a:mozilla:seamonkey:2.13:beta6
  • Mozilla SeaMonkey 2.13
    cpe:2.3:a:mozilla:seamonkey:2.13
  • Mozilla Seamonkey 2.13.2
    cpe:2.3:a:mozilla:seamonkey:2.13.2
  • Mozilla SeaMonkey 2.13.1
    cpe:2.3:a:mozilla:seamonkey:2.13.1
  • Mozilla SeaMonkey 2.12.1
    cpe:2.3:a:mozilla:seamonkey:2.12.1
  • Mozilla SeaMonkey 2.12 beta5
    cpe:2.3:a:mozilla:seamonkey:2.12:beta5
  • Mozilla SeaMonkey 2.12 beta6
    cpe:2.3:a:mozilla:seamonkey:2.12:beta6
  • Mozilla SeaMonkey 2.12 beta3
    cpe:2.3:a:mozilla:seamonkey:2.12:beta3
  • Mozilla SeaMonkey 2.12 beta4
    cpe:2.3:a:mozilla:seamonkey:2.12:beta4
  • Mozilla SeaMonkey 2.12 beta1
    cpe:2.3:a:mozilla:seamonkey:2.12:beta1
  • Mozilla SeaMonkey 2.12 beta2
    cpe:2.3:a:mozilla:seamonkey:2.12:beta2
  • Mozilla SeaMonkey 2.12
    cpe:2.3:a:mozilla:seamonkey:2.12
  • Mozilla SeaMonkey 2.11 beta4
    cpe:2.3:a:mozilla:seamonkey:2.11:beta4
  • Mozilla SeaMonkey 2.11 beta3
    cpe:2.3:a:mozilla:seamonkey:2.11:beta3
  • Mozilla SeaMonkey 2.11 beta2
    cpe:2.3:a:mozilla:seamonkey:2.11:beta2
  • Mozilla SeaMonkey 2.11 beta1
    cpe:2.3:a:mozilla:seamonkey:2.11:beta1
  • Mozilla SeaMonkey 2.11 beta6
    cpe:2.3:a:mozilla:seamonkey:2.11:beta6
  • Mozilla SeaMonkey 2.11 beta5
    cpe:2.3:a:mozilla:seamonkey:2.11:beta5
  • Mozilla SeaMonkey 2.11
    cpe:2.3:a:mozilla:seamonkey:2.11
  • Mozilla SeaMonkey 2.10
    cpe:2.3:a:mozilla:seamonkey:2.10
  • Mozilla SeaMonkey 2.10.1
    cpe:2.3:a:mozilla:seamonkey:2.10.1
  • Mozilla SeaMonkey 2.10 beta3
    cpe:2.3:a:mozilla:seamonkey:2.10:beta3
  • Mozilla SeaMonkey 2.10 beta2
    cpe:2.3:a:mozilla:seamonkey:2.10:beta2
  • Mozilla SeaMonkey 2.10 beta1
    cpe:2.3:a:mozilla:seamonkey:2.10:beta1
  • Mozilla SeaMonkey 2.9.1
    cpe:2.3:a:mozilla:seamonkey:2.9.1
  • Mozilla SeaMonkey 2.9 beta4
    cpe:2.3:a:mozilla:seamonkey:2.9:beta4
  • Mozilla SeaMonkey 2.9 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.9:beta2
  • Mozilla SeaMonkey 2.9 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.9:beta1
  • Mozilla SeaMonkey 2.9
    cpe:2.3:a:mozilla:seamonkey:2.9
  • Mozilla SeaMonkey 2.9 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.9:beta3
  • Mozilla SeaMonkey 2.8 Beta 6
    cpe:2.3:a:mozilla:seamonkey:2.8:beta6
  • Mozilla SeaMonkey 2.8
    cpe:2.3:a:mozilla:seamonkey:2.8
  • Mozilla SeaMonkey 2.8 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.8:beta1
  • Mozilla SeaMonkey 2.8 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.8:beta3
  • Mozilla SeaMonkey 2.8 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.8:beta2
  • Mozilla SeaMonkey 2.8 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.8:beta5
  • Mozilla SeaMonkey 2.8 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.8:beta4
  • Mozilla SeaMonkey 2.7.1
    cpe:2.3:a:mozilla:seamonkey:2.7.1
  • Mozilla SeaMonkey 2.7.2
    cpe:2.3:a:mozilla:seamonkey:2.7.2
  • Mozilla SeaMonkey 2.7 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.7:beta4
  • Mozilla SeaMonkey 2.7 Beta 5
    cpe:2.3:a:mozilla:seamonkey:2.7:beta5
  • Mozilla SeaMonkey 2.7 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.7:beta1
  • Mozilla SeaMonkey 2.7 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.7:beta2
  • Mozilla SeaMonkey 2.7 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.7:beta3
  • Mozilla SeaMonkey 2.7
    cpe:2.3:a:mozilla:seamonkey:2.7
  • Mozilla SeaMonkey 2.6 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.6:beta1
  • Mozilla SeaMonkey 2.6 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.6:beta2
  • Mozilla SeaMonkey 2.6 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.6:beta3
  • Mozilla SeaMonkey 2.6 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.6:beta4
  • Mozilla SeaMonkey 2.6
    cpe:2.3:a:mozilla:seamonkey:2.6
  • Mozilla SeaMonkey 2.6.1
    cpe:2.3:a:mozilla:seamonkey:2.6.1
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
  • Mozilla SeaMonkey 2.5 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.5:beta1
  • Mozilla SeaMonkey 2.5 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.5:beta3
  • Mozilla SeaMonkey 2.5 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.5:beta2
  • Mozilla SeaMonkey 2.5 Beta 4
    cpe:2.3:a:mozilla:seamonkey:2.5:beta4
  • Mozilla SeaMonkey 2.4
    cpe:2.3:a:mozilla:seamonkey:2.4
  • Mozilla SeaMonkey 2.4.1
    cpe:2.3:a:mozilla:seamonkey:2.4.1
  • Mozilla SeaMonkey 2.4 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.4:beta1
  • Mozilla SeaMonkey 2.4 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.4:beta3
  • Mozilla SeaMonkey 2.4 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.4:beta2
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla SeaMonkey 2.3 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.3:beta3
  • Mozilla SeaMonkey 2.3 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.3:beta2
  • Mozilla SeaMonkey 2.3.1
    cpe:2.3:a:mozilla:seamonkey:2.3.1
  • Mozilla SeaMonkey 2.3
    cpe:2.3:a:mozilla:seamonkey:2.3
  • Mozilla SeaMonkey 2.3.2
    cpe:2.3:a:mozilla:seamonkey:2.3.2
  • Mozilla SeaMonkey 2.3 Beta1
    cpe:2.3:a:mozilla:seamonkey:2.3:beta1
  • Mozilla SeaMonkey 2.2 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.2:beta1
  • Mozilla SeaMonkey 2.2
    cpe:2.3:a:mozilla:seamonkey:2.2
  • Mozilla SeaMonkey 2.2 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.2:beta2
  • Mozilla SeaMonkey 2.2 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.2:beta3
  • Mozilla SeaMonkey 2.1 Release Candidate 2
    cpe:2.3:a:mozilla:seamonkey:2.1:rc2
  • Mozilla SeaMonkey 2.1 Release Candidate 1
    cpe:2.3:a:mozilla:seamonkey:2.1:rc1
  • Mozilla SeaMonkey 2.1 Beta 3
    cpe:2.3:a:mozilla:seamonkey:2.1:beta3
  • Mozilla SeaMonkey 2.1 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.1:beta2
  • Mozilla SeaMonkey 2.1 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.1:beta1
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1
    cpe:2.3:a:mozilla:seamonkey:2.1
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
  • cpe:2.3:a:mozilla:seamonkey:2.0a1pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1pre
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
    cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
    cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla Seamonkey 2.15 beta6
    cpe:2.3:a:mozilla:seamonkey:2.15:beta6
  • Mozilla Seamonkey 2.15
    cpe:2.3:a:mozilla:seamonkey:2.15
  • Mozilla Seamonkey 2.15.1
    cpe:2.3:a:mozilla:seamonkey:2.15.1
  • Mozilla Seamonkey 2.16 beta2
    cpe:2.3:a:mozilla:seamonkey:2.16:beta2
  • Mozilla Seamonkey 2.16 beta1
    cpe:2.3:a:mozilla:seamonkey:2.16:beta1
  • Mozilla Seamonkey 2.16 beta3
    cpe:2.3:a:mozilla:seamonkey:2.16:beta3
  • Mozilla Seamonkey 2.15.2
    cpe:2.3:a:mozilla:seamonkey:2.15.2
  • Mozilla Seamonkey 2.16 beta4
    cpe:2.3:a:mozilla:seamonkey:2.16:beta4
  • Mozilla Seamonkey 2.16 beta5
    cpe:2.3:a:mozilla:seamonkey:2.16:beta5
CVSS
Base: 9.3 (as of 20-02-2013 - 10:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70183
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70183
    title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1748-1.NASL
    description Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0773) Frederik Braun discovered that Thunderbird made the location of the active browser profile available to JavaScript workers. Scripting for Thunderbird is disabled by default in Ubuntu. (CVE-2013-0774) A use-after-free vulnerability was discovered in Thunderbird. An attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird if scripting were enabled. (CVE-2013-0775) Michal Zalewski discovered that Thunderbird would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks if scripting were enabled. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782) Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Thunderbird. If a user had scripting enabled and was tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64892
    published 2013-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64892
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2699.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. We're changing the approach for security updates for Iceweasel, Icedove and Iceape in stable-security: Instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Firefox 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life. Some Xul extensions currently packaged in the Debian archive are not compatible with the new browser engine. Up-to-date and compatible versions can be retrieved from http://addons.mozilla.org as a short term solution. A solution to keep packaged extensions compatible with the Mozilla releases is still being sorted out. We don't have the resources to backport security fixes to the Iceweasel release in oldstable-security any longer. If you're up to the task and want to help, please get in touch with team@security.debian.org. Otherwise, we'll announce the end of security support for Iceweasel, Icedove and Iceape in Squeeze in the next update round.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 66766
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66766
    title Debian DSA-2699-1 : iceweasel - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0272.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. Note: All issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Important: This erratum upgrades Thunderbird to version 17.0.3 ESR. Thunderbird 17 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0. Thunderbird 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.3 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64729
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64729
    title CentOS 5 / 6 : thunderbird (CESA-2013:0272)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0271.NASL
    description From Red Hat Security Advisory 2013:0271 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Note that due to a Kerberos credentials change, the following configuration steps may be required when using Firefox 17.0.3 ESR with the Enterprise Identity Management (IPA) web interface : https://access.redhat.com/knowledge/solutions/294303 Important: Firefox 17 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68732
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68732
    title Oracle Linux 5 / 6 : firefox (ELSA-2013-0271)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130219_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site. (CVE-2013-0776) Note that due to a Kerberos credentials change, the following configuration steps may be required when using Firefox 17.0.3 ESR with the Enterprise Identity Management (IPA) web interface : Important: Firefox 17 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64777
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64777
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_190.NASL
    description The installed version of Firefox is earlier than 19.0 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 64723
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64723
    title Firefox < 19.0 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1703.NASL
    description The installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 64724
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64724
    title Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0271.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Note that due to a Kerberos credentials change, the following configuration steps may be required when using Firefox 17.0.3 ESR with the Enterprise Identity Management (IPA) web interface : https://access.redhat.com/knowledge/solutions/294303 Important: Firefox 17 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 64696
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64696
    title RHEL 5 / 6 : firefox (RHSA-2013:0271)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0271.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing a trusted site. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. Note that due to a Kerberos credentials change, the following configuration steps may be required when using Firefox 17.0.3 ESR with the Enterprise Identity Management (IPA) web interface : https://access.redhat.com/knowledge/solutions/294303 Important: Firefox 17 is not completely backwards-compatible with all Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64692
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64692
    title CentOS 5 / 6 : devhelp / firefox / libproxy / xulrunner / yelp (CESA-2013:0271)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1703_ESR.NASL
    description The installed version of Firefox ESR 17.x is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 64722
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64722
    title Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1703_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 64725
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64725
    title Mozilla Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_3_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64721
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64721
    title Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FIREFOX-201303-8506.NASL
    description MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes : - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. (MFSA 2013-29 / CVE-2013-0787) The Firefox 17.0.3ESR release also contains lots of security fixes : - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-28) The following issues have been fixed in Firefox 19 and ESR 17.0.3 : - Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns. (CVE-2013-0780) - Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion. (CVE-2013-0782) - Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. (MFSA 2013-27 / CVE-2013-0776) - Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. (MFSA 2013-26 / CVE-2013-0775) - Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. (MFSA 2013-25 / CVE-2013-0774) - Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. (MFSA 2013-24 / CVE-2013-0773) - Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. (MFSA 2013-23 / CVE-2013-0765) - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. (MFSA 2013-22 / CVE-2013-0772) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-21) Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18. - Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19. (CVE-2013-0783)
    last seen 2019-02-21
    modified 2013-04-09
    plugin id 65598
    published 2013-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65598
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-141.NASL
    description MozillaFirefox was updated to Firefox 19.0 (bnc#804248) MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248) seamonkey was updated to SeaMonkey 2.16 (bnc#804248) xulrunner was updated to 17.0.3esr (bnc#804248) chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0 : - MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards - MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering - MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches - mozilla-webrtc.patch - mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) - update to Firefox 18.0.2 - blocklist and CTP updates - fixes in JS engine - update to Firefox 18.0.1 - blocklist updates - backed out bmo#677092 (removed patch) - fixed problems involving HTTP proxy transactions - Fix WebRTC to build on powerpc Changes in MozillaThunderbird : - update to Thunderbird 17.0.3 (bnc#804248) - MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - update Enigmail to 1.5.1 - The release fixes the regressions found in the past few weeks Changes in seamonkey : - update to SeaMonkey 2.16 (bnc#804248) - MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards - MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering - MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches - mozilla-webrtc.patch - mozilla-gstreamer-803287.patch - update to SeaMonkey 2.15.2 - Applications could not be removed from the 'Application details' dialog under Preferences, Helper Applications (bmo#826771). - View / Message Body As could show menu items out of context (bmo#831348) - update to SeaMonkey 2.15.1 - backed out bmo#677092 (removed patch) - fixed problems involving HTTP proxy transactions - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) Changes in xulrunner : - update to 17.0.3esr (bnc#804248) - MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74898
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74898
    title openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0272.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. Note: All issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Important: This erratum upgrades Thunderbird to version 17.0.3 ESR. Thunderbird 17 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0. Thunderbird 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.3 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64697
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64697
    title RHEL 5 / 6 : thunderbird (RHSA-2013:0272)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1729-2.NASL
    description USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. We apologize for the inconvenience. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784) Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772) Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765) Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773) Frederik Braun discovered that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774) A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775) Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64967
    published 2013-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64967
    title Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1729-1.NASL
    description Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784) Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772) Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765) Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773) Frederik Braun that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774) A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775) Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64698
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64698
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0272.NASL
    description From Red Hat Security Advisory 2013:0272 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content. (CVE-2013-0776) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and Michal Zalewski as the original reporters of these issues. Note: All issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Important: This erratum upgrades Thunderbird to version 17.0.3 ESR. Thunderbird 17 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0. Thunderbird 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.3 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68733
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68733
    title Oracle Linux 6 : thunderbird (ELSA-2013-0272)
  • NASL family Windows
    NASL id SEAMONKEY_216.NASL
    description The installed version of SeaMonkey is earlier than 2.16 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 64726
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64726
    title SeaMonkey < 2.16 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_17_0_3_ESR.NASL
    description The installed version of Firefox ESR 17.x is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64718
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64718
    title Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_3.NASL
    description The installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64720
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64720
    title Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201303-130305.NASL
    description Mozilla Firefox has been updated to the 17.0.3ESR release. Important: due to compatibility issues, the Beagle plug-in for MozillaFirefox is temporarily disabled by this update. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes : - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-28) - The following issues have been fixed in Firefox 19 and ESR 17.0.3 : - Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns. (CVE-2013-0780) - Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion. (CVE-2013-0782) - Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. (MFSA 2013-27 / CVE-2013-0776) - Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. (MFSA 2013-26 / CVE-2013-0775) - Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. (MFSA 2013-25 / CVE-2013-0774) - Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. (MFSA 2013-24 / CVE-2013-0773) - Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. (MFSA 2013-23 / CVE-2013-0765) - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. (MFSA 2013-22 / CVE-2013-0772) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-21) Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18. - Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19. (CVE-2013-0783)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 65175
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65175
    title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7447)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130219_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783) It was found that, after canceling a proxy server's authentication prompt, the address bar continued to show the requested site's address. An attacker could use this flaw to conduct phishing attacks by tricking a user into believing they are viewing trusted content. (CVE-2013-0776) Note: All issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. Important: This erratum upgrades Thunderbird to version 17.0.3 ESR. Thunderbird 17 is not completely backwards-compatible with all Mozilla add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0. Thunderbird 17 checks compatibility on first-launch, and, depending on the individual configuration and the installed add-ons and plug-ins, may disable said Add-ons and plug-ins, or attempt to check for updates and upgrade them. Add-ons and plug-ins may have to be manually updated. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64779
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64779
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_19_0.NASL
    description The installed version of Firefox 18.x is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64719
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64719
    title Firefox 18.x Multiple Vulnerabilities (Mac OS X)
oval via4
accepted 2014-10-06T04:01:53.690-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
family windows
id oval:org.mitre.oval:def:16383
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2013:0271
  • rhsa
    id RHSA-2013:0272
rpms
  • yelp-0:2.28.1-17.el6_3
  • libproxy-0:0.3.0-4.el6_3
  • libproxy-bin-0:0.3.0-4.el6_3
  • libproxy-devel-0:0.3.0-4.el6_3
  • libproxy-gnome-0:0.3.0-4.el6_3
  • libproxy-kde-0:0.3.0-4.el6_3
  • libproxy-mozjs-0:0.3.0-4.el6_3
  • libproxy-python-0:0.3.0-4.el6_3
  • libproxy-webkit-0:0.3.0-4.el6_3
  • xulrunner-0:17.0.3-1.el6_3
  • xulrunner-devel-0:17.0.3-1.el6_3
  • firefox-0:17.0.3-1.el6_3
  • yelp-0:2.16.0-30.el5_9
  • devhelp-0:0.12-23.el5_9
  • devhelp-devel-0:0.12-23.el5_9
  • xulrunner-0:17.0.3-1.el5_9
  • xulrunner-devel-0:17.0.3-1.el5_9
  • firefox-0:17.0.3-1.el5_9
  • thunderbird-0:17.0.3-1.el6_3
  • thunderbird-0:17.0.3-1.el5_9
refmap via4
confirm
debian DSA-2699
suse
  • openSUSE-SU-2013:0323
  • openSUSE-SU-2013:0324
ubuntu
  • USN-1729-1
  • USN-1729-2
  • USN-1748-1
Last major update 02-11-2013 - 23:30
Published 19-02-2013 - 18:55
Last modified 18-09-2017 - 21:35
Back to Top