ID CVE-2017-5376
Summary Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
References
Vulnerable Configurations
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux 5.0
    cpe:2.3:o:redhat:enterprise_linux:5.0
  • cpe:2.3:o:redhat:enterprise_linux:6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Desktop 5.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0
    cpe:2.3:o:redhat:enterprise_linux_server:5.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Mozilla Thunderbird
    cpe:2.3:a:mozilla:thunderbird
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.14
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 3.1.18
    cpe:2.3:a:mozilla:thunderbird:3.1.18
  • Mozilla Thunderbird 3.1.19
    cpe:2.3:a:mozilla:thunderbird:3.1.19
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.1
    cpe:2.3:a:mozilla:thunderbird:17.0.1
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.4
    cpe:2.3:a:mozilla:thunderbird:17.0.4
  • Mozilla Thunderbird 17.0.5
    cpe:2.3:a:mozilla:thunderbird:17.0.5
  • Mozilla Thunderbird 17.0.6
    cpe:2.3:a:mozilla:thunderbird:17.0.6
  • Mozilla Thunderbird 17.0.7
    cpe:2.3:a:mozilla:thunderbird:17.0.7
  • Mozilla Thunderbird 17.0.8
    cpe:2.3:a:mozilla:thunderbird:17.0.8
  • Mozilla Thunderbird 17.0.9
    cpe:2.3:a:mozilla:thunderbird:17.0.9
  • Mozilla Thunderbird 17.0.10
    cpe:2.3:a:mozilla:thunderbird:17.0.10
  • Mozilla Thunderbird 24.0
    cpe:2.3:a:mozilla:thunderbird:24.0
  • Mozilla Thunderbird 24.0.1
    cpe:2.3:a:mozilla:thunderbird:24.0.1
  • Mozilla Thunderbird 24.1
    cpe:2.3:a:mozilla:thunderbird:24.1
  • Mozilla Thunderbird 24.1.0
    cpe:2.3:a:mozilla:thunderbird:24.1.0
  • Mozilla Thunderbird 24.1.1
    cpe:2.3:a:mozilla:thunderbird:24.1.1
  • Mozilla Thunderbird 24.2
    cpe:2.3:a:mozilla:thunderbird:24.2
  • Mozilla Thunderbird 24.2.0
    cpe:2.3:a:mozilla:thunderbird:24.2.0
  • Mozilla Thunderbird 24.3
    cpe:2.3:a:mozilla:thunderbird:24.3
  • Mozilla Thunderbird 24.3.0
    cpe:2.3:a:mozilla:thunderbird:24.3.0
  • Mozilla Thunderbird 24.4
    cpe:2.3:a:mozilla:thunderbird:24.4
  • Mozilla Thunderbird 24.4.0
    cpe:2.3:a:mozilla:thunderbird:24.4.0
  • Mozilla Thunderbird 24.5
    cpe:2.3:a:mozilla:thunderbird:24.5
  • Mozilla Thunderbird 24.5.0
    cpe:2.3:a:mozilla:thunderbird:24.5.0
  • Mozilla Thunderbird 24.6
    cpe:2.3:a:mozilla:thunderbird:24.6
  • Mozilla Thunderbird 24.6.0
    cpe:2.3:a:mozilla:thunderbird:24.6.0
  • Mozilla Thunderbird 24.7
    cpe:2.3:a:mozilla:thunderbird:24.7
  • Mozilla Thunderbird 24.7.0
    cpe:2.3:a:mozilla:thunderbird:24.7.0
  • Mozilla Thunderbird 24.8
    cpe:2.3:a:mozilla:thunderbird:24.8
  • Mozilla Thunderbird 31.0
    cpe:2.3:a:mozilla:thunderbird:31.0
  • Mozilla Thunderbird 31.1.0
    cpe:2.3:a:mozilla:thunderbird:31.1.0
  • Mozilla Thunderbird 31.1.2
    cpe:2.3:a:mozilla:thunderbird:31.1.2
  • Mozilla Thunderbird 31.2
    cpe:2.3:a:mozilla:thunderbird:31.2
  • Mozilla Thunderbird 31.2.0
    cpe:2.3:a:mozilla:thunderbird:31.2.0
  • Mozilla Thunderbird 31.3
    cpe:2.3:a:mozilla:thunderbird:31.3
  • Mozilla Thunderbird 31.4
    cpe:2.3:a:mozilla:thunderbird:31.4
  • Mozilla Thunderbird 31.4.0
    cpe:2.3:a:mozilla:thunderbird:31.4.0
  • Mozilla Thunderbird 31.5
    cpe:2.3:a:mozilla:thunderbird:31.5
  • Mozilla Thunderbird 31.5.0
    cpe:2.3:a:mozilla:thunderbird:31.5.0
  • Mozilla Thunderbird 31.6
    cpe:2.3:a:mozilla:thunderbird:31.6
  • Mozilla Thunderbird 31.6.0
    cpe:2.3:a:mozilla:thunderbird:31.6.0
  • Mozilla Thunderbird 31.7.0
    cpe:2.3:a:mozilla:thunderbird:31.7.0
  • Mozilla Thunderbird 31.8
    cpe:2.3:a:mozilla:thunderbird:31.8
  • Mozilla Thunderbird 31.8.0
    cpe:2.3:a:mozilla:thunderbird:31.8.0
  • Mozilla Thunderbird 32.0
    cpe:2.3:a:mozilla:thunderbird:32.0
  • Mozilla Thunderbird 38.0
    cpe:2.3:a:mozilla:thunderbird:38.0
  • Mozilla Thunderbird 38.0.1
    cpe:2.3:a:mozilla:thunderbird:38.0.1
  • Mozilla Thunderbird 38.1
    cpe:2.3:a:mozilla:thunderbird:38.1
  • Mozilla Thunderbird 38.1.0
    cpe:2.3:a:mozilla:thunderbird:38.1.0
  • Mozilla Thunderbird 38.2.0
    cpe:2.3:a:mozilla:thunderbird:38.2.0
  • Mozilla Thunderbird 38.3.0
    cpe:2.3:a:mozilla:thunderbird:38.3.0
  • Mozilla Thunderbird 38.4.0
    cpe:2.3:a:mozilla:thunderbird:38.4.0
  • Mozilla Thunderbird 38.5.0
    cpe:2.3:a:mozilla:thunderbird:38.5.0
  • Mozilla Thunderbird 38.5.1
    cpe:2.3:a:mozilla:thunderbird:38.5.1
  • Mozilla Thunderbird 38.6.0
    cpe:2.3:a:mozilla:thunderbird:38.6.0
  • Mozilla Thunderbird 38.7.0
    cpe:2.3:a:mozilla:thunderbird:38.7.0
  • Mozilla Thunderbird 38.7.1
    cpe:2.3:a:mozilla:thunderbird:38.7.1
  • Mozilla Thunderbird 38.7.2
    cpe:2.3:a:mozilla:thunderbird:38.7.2
  • Mozilla Thunderbird 38.8.0
    cpe:2.3:a:mozilla:thunderbird:38.8.0
  • Mozilla Thunderbird 45.0
    cpe:2.3:a:mozilla:thunderbird:45.0
  • Mozilla Thunderbird 45.1.0
    cpe:2.3:a:mozilla:thunderbird:45.1.0
  • Mozilla Thunderbird 45.1.1
    cpe:2.3:a:mozilla:thunderbird:45.1.1
  • Mozilla Thunderbird 45.2.0
    cpe:2.3:a:mozilla:thunderbird:45.2.0
  • Mozilla Thunderbird 45.3.0
    cpe:2.3:a:mozilla:thunderbird:45.3.0
  • Mozilla Thunderbird 45.4.0
    cpe:2.3:a:mozilla:thunderbird:45.4.0
  • Mozilla Thunderbird 45.5.0
    cpe:2.3:a:mozilla:thunderbird:45.5.0
  • Mozilla Thunderbird 45.5.1
    cpe:2.3:a:mozilla:thunderbird:45.5.1
  • Mozilla Thunderbird 45.6.0
    cpe:2.3:a:mozilla:thunderbird:45.6.0
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.0.18
    cpe:2.3:a:mozilla:firefox:3.0.18
  • Mozilla Firefox 3.0.19
    cpe:2.3:a:mozilla:firefox:3.0.19
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.5.16
    cpe:2.3:a:mozilla:firefox:3.5.16
  • Mozilla Firefox 3.5.17
    cpe:2.3:a:mozilla:firefox:3.5.17
  • Mozilla Firefox 3.5.18
    cpe:2.3:a:mozilla:firefox:3.5.18
  • Mozilla Firefox 3.5.19
    cpe:2.3:a:mozilla:firefox:3.5.19
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.26
    cpe:2.3:a:mozilla:firefox:3.6.26
  • Mozilla Firefox 3.6.27
    cpe:2.3:a:mozilla:firefox:3.6.27
  • Mozilla Firefox 3.6.28
    cpe:2.3:a:mozilla:firefox:3.6.28
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.3
    cpe:2.3:a:mozilla:firefox:10.0.3
  • Mozilla Firefox 10.0.4
    cpe:2.3:a:mozilla:firefox:10.0.4
  • Mozilla Firefox 10.0.5
    cpe:2.3:a:mozilla:firefox:10.0.5
  • Mozilla Firefox 10.0.6
    cpe:2.3:a:mozilla:firefox:10.0.6
  • Mozilla Firefox 10.0.7
    cpe:2.3:a:mozilla:firefox:10.0.7
  • Mozilla Firefox 10.0.8
    cpe:2.3:a:mozilla:firefox:10.0.8
  • Mozilla Firefox 10.0.9
    cpe:2.3:a:mozilla:firefox:10.0.9
  • Mozilla Firefox 10.0.10
    cpe:2.3:a:mozilla:firefox:10.0.10
  • Mozilla Firefox 10.0.11
    cpe:2.3:a:mozilla:firefox:10.0.11
  • Mozilla Firefox 10.0.12
    cpe:2.3:a:mozilla:firefox:10.0.12
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 17.0
    cpe:2.3:a:mozilla:firefox:17.0
  • Mozilla Firefox 17.0.1
    cpe:2.3:a:mozilla:firefox:17.0.1
  • Mozilla Firefox 17.0.2
    cpe:2.3:a:mozilla:firefox:17.0.2
  • Mozilla Firefox 17.0.3
    cpe:2.3:a:mozilla:firefox:17.0.3
  • Mozilla Firefox 17.0.4
    cpe:2.3:a:mozilla:firefox:17.0.4
  • Mozilla Firefox 17.0.5
    cpe:2.3:a:mozilla:firefox:17.0.5
  • Mozilla Firefox 17.0.6
    cpe:2.3:a:mozilla:firefox:17.0.6
  • Mozilla Firefox 17.0.7
    cpe:2.3:a:mozilla:firefox:17.0.7
  • Mozilla Firefox 17.0.8
    cpe:2.3:a:mozilla:firefox:17.0.8
  • Mozilla Firefox 17.0.9
    cpe:2.3:a:mozilla:firefox:17.0.9
  • Mozilla Firefox 17.0.10
    cpe:2.3:a:mozilla:firefox:17.0.10
  • Mozilla Firefox 17.0.11
    cpe:2.3:a:mozilla:firefox:17.0.11
  • Mozilla Firefox 18.0
    cpe:2.3:a:mozilla:firefox:18.0
  • Mozilla Firefox 18.0.1
    cpe:2.3:a:mozilla:firefox:18.0.1
  • Mozilla Firefox 18.0.2
    cpe:2.3:a:mozilla:firefox:18.0.2
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox 19.0.2
    cpe:2.3:a:mozilla:firefox:19.0.2
  • Mozilla Firefox 20.0
    cpe:2.3:a:mozilla:firefox:20.0
  • Mozilla Firefox 20.0.1
    cpe:2.3:a:mozilla:firefox:20.0.1
  • Mozilla Firefox 21.0
    cpe:2.3:a:mozilla:firefox:21.0
  • Mozilla Firefox 22.0
    cpe:2.3:a:mozilla:firefox:22.0
  • Mozilla Firefox 23.0
    cpe:2.3:a:mozilla:firefox:23.0
  • Mozilla Firefox 23.0.1
    cpe:2.3:a:mozilla:firefox:23.0.1
  • Mozilla Firefox 24.0
    cpe:2.3:a:mozilla:firefox:24.0
  • Mozilla Firefox 24.1
    cpe:2.3:a:mozilla:firefox:24.1
  • Mozilla Firefox 24.1.1
    cpe:2.3:a:mozilla:firefox:24.1.1
  • Mozilla Firefox 25.0
    cpe:2.3:a:mozilla:firefox:25.0
  • Mozilla Firefox 25.0.1
    cpe:2.3:a:mozilla:firefox:25.0.1
  • Mozilla Firefox 26.0
    cpe:2.3:a:mozilla:firefox:26.0
  • Mozilla Firefox 27.0
    cpe:2.3:a:mozilla:firefox:27.0
  • Mozilla Firefox 27.0.1
    cpe:2.3:a:mozilla:firefox:27.0.1
  • Mozilla Firefox 28.0
    cpe:2.3:a:mozilla:firefox:28.0
  • Mozilla Firefox 29.0
    cpe:2.3:a:mozilla:firefox:29.0
  • Mozilla Firefox 29.0.1
    cpe:2.3:a:mozilla:firefox:29.0.1
  • Mozilla Firefox 30.0
    cpe:2.3:a:mozilla:firefox:30.0
  • Mozilla Firefox 31.0
    cpe:2.3:a:mozilla:firefox:31.0
  • Mozilla Firefox 31.1.0
    cpe:2.3:a:mozilla:firefox:31.1.0
  • Mozilla Firefox 32.0
    cpe:2.3:a:mozilla:firefox:32.0
  • Mozilla Firefox 33.0
    cpe:2.3:a:mozilla:firefox:33.0
  • Mozilla Firefox 34.0
    cpe:2.3:a:mozilla:firefox:34.0
  • Mozilla Firefox 34.0.5
    cpe:2.3:a:mozilla:firefox:34.0.5
  • Mozilla Firefox 35.0
    cpe:2.3:a:mozilla:firefox:35.0
  • Mozilla Firefox 35.0.1
    cpe:2.3:a:mozilla:firefox:35.0.1
  • Mozilla Firefox 36.0
    cpe:2.3:a:mozilla:firefox:36.0
  • Mozilla Firefox 36.0.1
    cpe:2.3:a:mozilla:firefox:36.0.1
  • Mozilla Firefox 36.0.3
    cpe:2.3:a:mozilla:firefox:36.0.3
  • Mozilla Firefox 36.0.4
    cpe:2.3:a:mozilla:firefox:36.0.4
  • Mozilla Firefox 37.0
    cpe:2.3:a:mozilla:firefox:37.0
  • Mozilla Firefox 37.0.1
    cpe:2.3:a:mozilla:firefox:37.0.1
  • Mozilla Firefox 37.0.2
    cpe:2.3:a:mozilla:firefox:37.0.2
  • Mozilla Firefox 38.0
    cpe:2.3:a:mozilla:firefox:38.0
  • Mozilla Firefox 40.0.3
    cpe:2.3:a:mozilla:firefox:40.0.3
  • Mozilla Firefox 41.0
    cpe:2.3:a:mozilla:firefox:41.0
  • Mozilla Firefox 41.0.1
    cpe:2.3:a:mozilla:firefox:41.0.1
  • Mozilla Firefox 41.0.2
    cpe:2.3:a:mozilla:firefox:41.0.2
  • Mozilla Firefox 42.0
    cpe:2.3:a:mozilla:firefox:42.0
  • Mozilla Firefox 42.0 (64 bit)
    cpe:2.3:a:mozilla:firefox:42.0:-:-:-:-:-:x64
  • Mozilla Firefox 43.0
    cpe:2.3:a:mozilla:firefox:43.0
  • Mozilla Firefox 43.0.1
    cpe:2.3:a:mozilla:firefox:43.0.1
  • Mozilla Firefox 43.0.2
    cpe:2.3:a:mozilla:firefox:43.0.2
  • Mozilla Firefox 43.0.3
    cpe:2.3:a:mozilla:firefox:43.0.3
  • Mozilla Firefox 43.0.4
    cpe:2.3:a:mozilla:firefox:43.0.4
  • Mozilla Firefox 44.0.1
    cpe:2.3:a:mozilla:firefox:44.0.1
  • Mozilla Firefox 44.0.2
    cpe:2.3:a:mozilla:firefox:44.0.2
  • Mozilla Firefox 45.0.1
    cpe:2.3:a:mozilla:firefox:45.0.1
  • Mozilla Firefox 45.0.2
    cpe:2.3:a:mozilla:firefox:45.0.2
  • Mozilla Firefox 46.0.1
    cpe:2.3:a:mozilla:firefox:46.0.1
  • Mozilla Firefox 47.0.1
    cpe:2.3:a:mozilla:firefox:47.0.1
  • Mozilla Firefox 48.0.2
    cpe:2.3:a:mozilla:firefox:48.0.2
  • Mozilla Firefox 49.0
    cpe:2.3:a:mozilla:firefox:49.0
  • Mozilla Firefox 49.0.1
    cpe:2.3:a:mozilla:firefox:49.0.1
  • Mozilla Firefox 49.0.2
    cpe:2.3:a:mozilla:firefox:49.0.2
  • Mozilla Firefox 50.0
    cpe:2.3:a:mozilla:firefox:50.0
  • Mozilla Firefox 50.0.1
    cpe:2.3:a:mozilla:firefox:50.0.1
  • Mozilla Firefox 50.0.2
    cpe:2.3:a:mozilla:firefox:50.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla Firefox Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:firefox_esr:10.0.5
  • Mozilla Firefox Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:firefox_esr:10.0.6
  • Mozilla Firefox Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:firefox_esr:10.0.7
  • Mozilla Firefox Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:firefox_esr:10.0.8
  • Mozilla Firefox Extended Support Release (ESR) 10.0.9
    cpe:2.3:a:mozilla:firefox_esr:10.0.9
  • Mozilla Firefox Extended Support Release (ESR) 10.0.10
    cpe:2.3:a:mozilla:firefox_esr:10.0.10
  • Mozilla Firefox Extended Support Release (ESR) 10.0.11
    cpe:2.3:a:mozilla:firefox_esr:10.0.11
  • Mozilla Firefox Extended Support Release (ESR) 10.0.12
    cpe:2.3:a:mozilla:firefox_esr:10.0.12
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:firefox_esr:17.0.3
  • Mozilla Firefox Extended Support Release (ESR) 17.0.4
    cpe:2.3:a:mozilla:firefox_esr:17.0.4
  • Mozilla Firefox Extended Support Release (ESR) 17.0.5
    cpe:2.3:a:mozilla:firefox_esr:17.0.5
  • Mozilla Firefox Extended Support Release (ESR) 17.0.6
    cpe:2.3:a:mozilla:firefox_esr:17.0.6
  • Mozilla Firefox Extended Support Release (ESR) 17.0.7
    cpe:2.3:a:mozilla:firefox_esr:17.0.7
  • Mozilla Firefox Extended Support Release (ESR) 17.0.8
    cpe:2.3:a:mozilla:firefox_esr:17.0.8
  • Mozilla Firefox Extended Support Release (ESR) 17.0.9
    cpe:2.3:a:mozilla:firefox_esr:17.0.9
  • Mozilla Firefox Extended Support Release (ESR) 17.0.10
    cpe:2.3:a:mozilla:firefox_esr:17.0.10
  • Mozilla Firefox Extended Support Release (ESR) 17.0.11
    cpe:2.3:a:mozilla:firefox_esr:17.0.11
  • Mozilla Firefox Extended Support Release (ESR) 24.0
    cpe:2.3:a:mozilla:firefox_esr:24.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0.1
    cpe:2.3:a:mozilla:firefox_esr:24.0.1
  • Mozilla Firefox Extended Support Release (ESR) 24.0.2
    cpe:2.3:a:mozilla:firefox_esr:24.0.2
  • Mozilla Firefox Extended Support Release (ESR) 24.1.0
    cpe:2.3:a:mozilla:firefox_esr:24.1.0
  • Mozilla Firefox Extended Support Release (ESR) 24.1.1
    cpe:2.3:a:mozilla:firefox_esr:24.1.1
  • Mozilla Firefox Extended Support Release (ESR) 24.2
    cpe:2.3:a:mozilla:firefox_esr:24.2
  • Mozilla Firefox Extended Support Release (ESR) 24.3
    cpe:2.3:a:mozilla:firefox_esr:24.3
  • Mozilla Firefox Extended Support Release (ESR) 24.4
    cpe:2.3:a:mozilla:firefox_esr:24.4
  • Mozilla Firefox Extended Support Release (ESR) 24.5
    cpe:2.3:a:mozilla:firefox_esr:24.5
  • Mozilla Firefox Extended Support Release (ESR) 24.6
    cpe:2.3:a:mozilla:firefox_esr:24.6
  • Mozilla Firefox Extended Support Release (ESR) 24.7
    cpe:2.3:a:mozilla:firefox_esr:24.7
  • Mozilla Firefox Extended Support Release (ESR) 24.8
    cpe:2.3:a:mozilla:firefox_esr:24.8
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1
    cpe:2.3:a:mozilla:firefox_esr:31.1
  • Mozilla Firefox Extended Support Release (ESR) 31.1.0
    cpe:2.3:a:mozilla:firefox_esr:31.1.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1.1
    cpe:2.3:a:mozilla:firefox_esr:31.1.1
  • Mozilla Firefox Extended Support Release (ESR) 31.2
    cpe:2.3:a:mozilla:firefox_esr:31.2
  • Mozilla Firefox Extended Support Release (ESR) 31.3
    cpe:2.3:a:mozilla:firefox_esr:31.3
  • Mozilla Firefox Extended Support Release (ESR) 31.3.0
    cpe:2.3:a:mozilla:firefox_esr:31.3.0
  • Mozilla Firefox Extended Support Release (ESR) 31.4
    cpe:2.3:a:mozilla:firefox_esr:31.4
  • Mozilla Firefox Extended Support Release (ESR) 31.5
    cpe:2.3:a:mozilla:firefox_esr:31.5
  • Mozilla Firefox Extended Support Release (ESR) 31.5.1
    cpe:2.3:a:mozilla:firefox_esr:31.5.1
  • Mozilla Firefox Extended Support Release (ESR) 31.5.2
    cpe:2.3:a:mozilla:firefox_esr:31.5.2
  • Mozilla Firefox Extended Support Release (ESR) 31.5.3
    cpe:2.3:a:mozilla:firefox_esr:31.5.3
  • Mozilla Firefox Extended Support Release (ESR) 31.6
    cpe:2.3:a:mozilla:firefox_esr:31.6
  • Mozilla Firefox Extended Support Release (ESR) 31.8
    cpe:2.3:a:mozilla:firefox_esr:31.8
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.0.5 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.5:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • Mozilla Firefox ESR 38.1.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.1
    cpe:2.3:a:mozilla:firefox_esr:38.1.1
  • Mozilla Firefox ESR 38.1.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.0
    cpe:2.3:a:mozilla:firefox_esr:38.2.0
  • Mozilla Firefox ESR 38.2.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.1
    cpe:2.3:a:mozilla:firefox_esr:38.2.1
  • Mozilla Firefox ESR 38.2.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.1:-:-:-:-:-:x64
  • Mozilla Firefox Extended Support Release (ESR) 38.3.0
    cpe:2.3:a:mozilla:firefox_esr:38.3.0
  • Mozilla Firefox ESR 38.3.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.3.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.4.0
    cpe:2.3:a:mozilla:firefox_esr:38.4.0
  • Mozilla Firefox ESR 38.4.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.4.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.5.0
    cpe:2.3:a:mozilla:firefox_esr:38.5.0
  • Mozilla Firefox ESR 38.5.1
    cpe:2.3:a:mozilla:firefox_esr:38.5.1
  • Mozilla Firefox ESR 38.5.2
    cpe:2.3:a:mozilla:firefox_esr:38.5.2
  • Mozilla Firefox Extended Support Release (ESR) 38.6.0
    cpe:2.3:a:mozilla:firefox_esr:38.6.0
  • Mozilla Firefox Extended Support Release (ESR) 38.6.1
    cpe:2.3:a:mozilla:firefox_esr:38.6.1
  • Mozilla Firefox Extended Support Release (ESR) 38.7.0
    cpe:2.3:a:mozilla:firefox_esr:38.7.0
  • Mozilla Firefox Extended Support Release (ESR) 38.7.1
    cpe:2.3:a:mozilla:firefox_esr:38.7.1
  • Mozilla Firefox ESR 38.8.0
    cpe:2.3:a:mozilla:firefox_esr:38.8.0
  • Mozilla Firefox Extended Support Release (ESR) 45.0.2
    cpe:2.3:a:mozilla:firefox_esr:45.0.2
  • Mozilla Firefox Extended Support Release (ESR) 45.1.0
    cpe:2.3:a:mozilla:firefox_esr:45.1.0
  • Mozilla Firefox Extended Support Release (ESR) 45.1.1
    cpe:2.3:a:mozilla:firefox_esr:45.1.1
  • Mozilla Firefox Extended Support Release (ESR) 45.2.0
    cpe:2.3:a:mozilla:firefox_esr:45.2.0
  • Mozilla Firefox Extended Support Release (ESR) 45.3.0
    cpe:2.3:a:mozilla:firefox_esr:45.3.0
  • Mozilla Firefox ESR 45.4.0
    cpe:2.3:a:mozilla:firefox_esr:45.4.0
  • Mozilla Firefox ESR 45.5.0
    cpe:2.3:a:mozilla:firefox_esr:45.5.0
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-187.NASL
    description This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) - CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bmo#1312001, bmo#1330769, boo#1021818) - CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) - CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) - CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) - CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) - CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) - CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) - CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) - CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) - CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) - CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) - CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) - CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) - CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) - CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) - CVE-2017-5374: Memory safety bugs (boo#1021841) - CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed : - Added support for FLAC (Free Lossless Audio Codec) playback - Added support for WebGL 2 - Added Georgian (ka) and Kabyle (kab) locales - Support saving passwords for forms without 'submit' events - Improved video performance for users without GPU acceleration - Zoom indicator is shown in the URL bar if the zoom level is not at default level - View passwords from the prompt before saving them - Remove Belarusian (be) locale - Use Skia for content rendering (Linux) - Improve recognition of LANGUAGE env variable (boo#1017174) - Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423)
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 96940
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96940
    title openSUSE Security Update : MozillaFirefox (openSUSE-2017-187)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_45_7.NASL
    description The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents. (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 96904
    published 2017-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96904
    title Mozilla Thunderbird < 45.7 Multiple Vulnerabilities (macOS)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_51.NASL
    description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 51. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381) - Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384) - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. (CVE-2017-5385) - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. (CVE-2017-5386) - The existence of a specifically requested local file can be found due to the double firing of the 'onerror' when the 'source' attribute on a tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387) - A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388) - WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. (CVE-2017-5389) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391) - The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. (CVE-2017-5393) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 96774
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96774
    title Mozilla Firefox < 51 Multiple Vulnerabilities (macOS)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_45_7_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. (CVE-2017-5386) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 96773
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96773
    title Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_45_7.NASL
    description The version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents. (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-16
    plugin id 96905
    published 2017-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96905
    title Mozilla Thunderbird < 45.7 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0190.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 96813
    published 2017-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96813
    title CentOS 5 / 6 / 7 : firefox (CESA-2017:0190)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0238.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 96949
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96949
    title RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0238)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-800.NASL
    description Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or information leaks or privilege escalation. For Debian 7 'Wheezy', these problems have been fixed in version 45.7.0esr-1~deb7u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 96815
    published 2017-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96815
    title Debian DLA-800-1 : firefox-esr security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-0238.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 96962
    published 2017-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96962
    title CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0238)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0238.NASL
    description From Red Hat Security Advisory 2017:0238 : An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 96970
    published 2017-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96970
    title Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0238)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-0190.NASL
    description From Red Hat Security Advisory 2017:0190 : An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-09-06
    modified 2018-09-05
    plugin id 96789
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96789
    title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3771.NASL
    description Multiple security issues have been found in the Mozilla Firefox web browser: Memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 96780
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96780
    title Debian DSA-3771-1 : firefox-esr - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201702-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201702-13 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to open a specially crafted email or web page, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 97256
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97256
    title GLSA-201702-13 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170125_FIREFOX_ON_SL5_X.NASL
    description This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 96792
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96792
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170202_THUNDERBIRD_ON_SL5_X.NASL
    description This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 96975
    published 2017-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96975
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_45_7_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. (CVE-2017-5386) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-16
    plugin id 96775
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96775
    title Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-896.NASL
    description Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. With version 45.8 Debian drops it's custom branding from the Icedove package and ships the mail client as Thunderbird again. Please see the link below for further information: https://wiki.debian.org/Thunderbird Transition packages for the Icedove packages are provided which automatically upgrade to the new version. Since new binary packages need to be installed, make sure to allow that in your upgrade procedure (e.g. by using 'apt-get dist-upgrade' instead of 'apt-get upgrade'). For Debian 7 'Wheezy', these problems have been fixed in version 1:45.8.0-3~deb7u1. We recommend that you upgrade your icedove packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-31
    plugin id 99442
    published 2017-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99442
    title Debian DLA-896-1 : icedove/thunderbird security update
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_51.NASL
    description The version of Mozilla Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities : - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5373) - Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-5374) - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. (CVE-2017-5375) - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376) - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. (CVE-2017-5377) - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. (CVE-2017-5378) - Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. (CVE-2017-5379) - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380) - The 'export' function in the Certificate Viewer can force local filesystem navigation when the 'common name' in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. (CVE-2017-5381) - Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. (CVE-2017-5382) - URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. (CVE-2017-5383) - Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. (CVE-2017-5384) - Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. (CVE-2017-5385) - WebExtension scripts can use the 'data:' protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. (CVE-2017-5386) - The existence of a specifically requested local file can be found due to the double firing of the 'onerror' when the 'source' attribute on a tag refers to a file that does not exist if the source page is loaded locally. (CVE-2017-5387) - A STUN server in conjunction with a large number of 'webkitRTCPeerConnection' objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. (CVE-2017-5388) - WebExtensions could use the 'mozAddonManager' API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. (CVE-2017-5389) - The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. (CVE-2017-5390) - Special 'about:' pages used by web content, such as RSS feeds, can load privileged 'about:' pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. (CVE-2017-5391) - The 'mozAddonManager' allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. (CVE-2017-5393) - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. (CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the Mozilla security advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-16
    plugin id 96776
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96776
    title Mozilla Firefox < 51.0 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201702-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201702-22 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information, or spoof content via multiple vectors. Workaround : There is no known workaround at this time.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 97265
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97265
    title GLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3175-1.NASL
    description Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the 'export' function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 96872
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96872
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-0190.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 96791
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96791
    title RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3175-2.NASL
    description USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the 'export' function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384) Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385) Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386) Mustafa Hasan discovered that the existence of local files can be determined using the element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387) Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388) Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391) Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 97047
    published 2017-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97047
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1011.NASL
    description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893,CVE-2016-9895,CVE-2016-989 7,CVE-2016-9898,CVE-2016-9899,CVE-2016-9900,CVE-2016-99 01,CVE-2016-9902,CVE-2016-9904,CVE-2016-9905,CVE-2017-5 373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-15
    modified 2018-11-14
    plugin id 99857
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99857
    title EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-026-01.NASL
    description New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 96804
    published 2017-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96804
    title Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-0190.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 21 February 2017] This advisory has been updated to include Firefox packages for the PPC and S390 architectures that were previously omitted. For this revised update, packages for all architectures were rebuilt. The rebuilt packages do not contain any new code changes. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-29
    modified 2018-11-27
    plugin id 101416
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101416
    title Virtuozzo 6 : firefox (VZLSA-2017-0190)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-188.NASL
    description This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts : - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814) - CVE-2017-5376: Use-after-free in XSL (boo#1021817) - CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (boo#1021818) - CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820) - CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821) - CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822) - CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824) The following non-security bugs were fixed : - Message preview pane non-functional after IMAP folder was renamed or moved - 'Move To' button on 'Search Messages' panel not working - Message sent to 'undisclosed recipients' shows no recipient (non-functional since Thunderbird version 38)
    last seen 2018-09-05
    modified 2018-09-04
    plugin id 96941
    published 2017-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96941
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2017-188)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3165-1.NASL
    description Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895) A memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897) A use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898) A use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899) It was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900) Jann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. (CVE-2016-9904) A crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383) Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390) Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 96871
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96871
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3165-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0427-1.NASL
    description MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) : - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818) - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-11-30
    plugin id 97082
    published 2017-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97082
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0427-1)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-0238.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-29
    modified 2018-11-27
    plugin id 101418
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101418
    title Virtuozzo 6 : thunderbird (VZLSA-2017-0238)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3832.NASL
    description Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed back to the official names used by Mozilla. The Thunderbird package is using a different default profile folder, the default profile folder is now '\$(HOME)/.thunderbird'. The users profile folder, that was used in Icedove, will get migrated to the new profile folder on the first start, that can take a little bit more time. Please read README.Debian for getting more information about the changes.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 99545
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99545
    title Debian DSA-3832-1 : icedove - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1012.NASL
    description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905,CVE-2017-5373,CVE-2017-5375,CVE-2017-5376 ,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-538 6,CVE-2017-5390,CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-15
    modified 2018-11-14
    plugin id 99858
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99858
    title EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E60169C4AA8646B08AE20D81F683DF09.NASL
    description Mozilla Foundation reports : Please reference CVE/URL list for details
    last seen 2018-11-24
    modified 2018-11-23
    plugin id 96743
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96743
    title FreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0426-1.NASL
    description MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991) : - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects (bsc#1021818) - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) - MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) - MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) - MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) - MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) - MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) - MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) - MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa20 17-02/ for more information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-11-30
    plugin id 97081
    published 2017-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97081
    title SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)
redhat via4
advisories
  • rhsa
    id RHSA-2017:0190
  • rhsa
    id RHSA-2017:0238
rpms
  • firefox-0:45.7.0-2.el5_11
  • firefox-0:45.7.0-2.el6_8
  • firefox-0:45.7.0-2.el7_3
  • thunderbird-0:45.7.0-1.el5_11
  • thunderbird-0:45.7.0-1.el6_8
  • thunderbird-0:45.7.0-1.el7_3
refmap via4
bid 95758
confirm
debian
  • DSA-3771
  • DSA-3832
gentoo
  • GLSA-201702-13
  • GLSA-201702-22
sectrack 1037693
Last major update 11-06-2018 - 17:29
Published 11-06-2018 - 17:29
Last modified 02-08-2018 - 15:37
Back to Top