ID CVE-2017-5470
Summary Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.0.18
    cpe:2.3:a:mozilla:firefox:3.0.18
  • Mozilla Firefox 3.0.19
    cpe:2.3:a:mozilla:firefox:3.0.19
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.5.16
    cpe:2.3:a:mozilla:firefox:3.5.16
  • Mozilla Firefox 3.5.17
    cpe:2.3:a:mozilla:firefox:3.5.17
  • Mozilla Firefox 3.5.18
    cpe:2.3:a:mozilla:firefox:3.5.18
  • Mozilla Firefox 3.5.19
    cpe:2.3:a:mozilla:firefox:3.5.19
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.26
    cpe:2.3:a:mozilla:firefox:3.6.26
  • Mozilla Firefox 3.6.27
    cpe:2.3:a:mozilla:firefox:3.6.27
  • Mozilla Firefox 3.6.28
    cpe:2.3:a:mozilla:firefox:3.6.28
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.3
    cpe:2.3:a:mozilla:firefox:10.0.3
  • Mozilla Firefox 10.0.4
    cpe:2.3:a:mozilla:firefox:10.0.4
  • Mozilla Firefox 10.0.5
    cpe:2.3:a:mozilla:firefox:10.0.5
  • Mozilla Firefox 10.0.6
    cpe:2.3:a:mozilla:firefox:10.0.6
  • Mozilla Firefox 10.0.7
    cpe:2.3:a:mozilla:firefox:10.0.7
  • Mozilla Firefox 10.0.8
    cpe:2.3:a:mozilla:firefox:10.0.8
  • Mozilla Firefox 10.0.9
    cpe:2.3:a:mozilla:firefox:10.0.9
  • Mozilla Firefox 10.0.10
    cpe:2.3:a:mozilla:firefox:10.0.10
  • Mozilla Firefox 10.0.11
    cpe:2.3:a:mozilla:firefox:10.0.11
  • Mozilla Firefox 10.0.12
    cpe:2.3:a:mozilla:firefox:10.0.12
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 17.0
    cpe:2.3:a:mozilla:firefox:17.0
  • Mozilla Firefox 17.0.1
    cpe:2.3:a:mozilla:firefox:17.0.1
  • Mozilla Firefox 17.0.2
    cpe:2.3:a:mozilla:firefox:17.0.2
  • Mozilla Firefox 17.0.3
    cpe:2.3:a:mozilla:firefox:17.0.3
  • Mozilla Firefox 17.0.4
    cpe:2.3:a:mozilla:firefox:17.0.4
  • Mozilla Firefox 17.0.5
    cpe:2.3:a:mozilla:firefox:17.0.5
  • Mozilla Firefox 17.0.6
    cpe:2.3:a:mozilla:firefox:17.0.6
  • Mozilla Firefox 17.0.7
    cpe:2.3:a:mozilla:firefox:17.0.7
  • Mozilla Firefox 17.0.8
    cpe:2.3:a:mozilla:firefox:17.0.8
  • Mozilla Firefox 17.0.9
    cpe:2.3:a:mozilla:firefox:17.0.9
  • Mozilla Firefox 17.0.10
    cpe:2.3:a:mozilla:firefox:17.0.10
  • Mozilla Firefox 17.0.11
    cpe:2.3:a:mozilla:firefox:17.0.11
  • Mozilla Firefox 18.0
    cpe:2.3:a:mozilla:firefox:18.0
  • Mozilla Firefox 18.0.1
    cpe:2.3:a:mozilla:firefox:18.0.1
  • Mozilla Firefox 18.0.2
    cpe:2.3:a:mozilla:firefox:18.0.2
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox 19.0.2
    cpe:2.3:a:mozilla:firefox:19.0.2
  • Mozilla Firefox 20.0
    cpe:2.3:a:mozilla:firefox:20.0
  • Mozilla Firefox 20.0.1
    cpe:2.3:a:mozilla:firefox:20.0.1
  • Mozilla Firefox 21.0
    cpe:2.3:a:mozilla:firefox:21.0
  • Mozilla Firefox 22.0
    cpe:2.3:a:mozilla:firefox:22.0
  • Mozilla Firefox 23.0
    cpe:2.3:a:mozilla:firefox:23.0
  • Mozilla Firefox 23.0.1
    cpe:2.3:a:mozilla:firefox:23.0.1
  • Mozilla Firefox 24.0
    cpe:2.3:a:mozilla:firefox:24.0
  • Mozilla Firefox 24.1
    cpe:2.3:a:mozilla:firefox:24.1
  • Mozilla Firefox 24.1.1
    cpe:2.3:a:mozilla:firefox:24.1.1
  • Mozilla Firefox 25.0
    cpe:2.3:a:mozilla:firefox:25.0
  • Mozilla Firefox 25.0.1
    cpe:2.3:a:mozilla:firefox:25.0.1
  • Mozilla Firefox 26.0
    cpe:2.3:a:mozilla:firefox:26.0
  • Mozilla Firefox 27.0
    cpe:2.3:a:mozilla:firefox:27.0
  • Mozilla Firefox 27.0.1
    cpe:2.3:a:mozilla:firefox:27.0.1
  • Mozilla Firefox 28.0
    cpe:2.3:a:mozilla:firefox:28.0
  • Mozilla Firefox 29.0
    cpe:2.3:a:mozilla:firefox:29.0
  • Mozilla Firefox 29.0.1
    cpe:2.3:a:mozilla:firefox:29.0.1
  • Mozilla Firefox 30.0
    cpe:2.3:a:mozilla:firefox:30.0
  • Mozilla Firefox 31.0
    cpe:2.3:a:mozilla:firefox:31.0
  • Mozilla Firefox 31.1.0
    cpe:2.3:a:mozilla:firefox:31.1.0
  • Mozilla Firefox 32.0
    cpe:2.3:a:mozilla:firefox:32.0
  • Mozilla Firefox 33.0
    cpe:2.3:a:mozilla:firefox:33.0
  • Mozilla Firefox 34.0
    cpe:2.3:a:mozilla:firefox:34.0
  • Mozilla Firefox 34.0.5
    cpe:2.3:a:mozilla:firefox:34.0.5
  • Mozilla Firefox 35.0
    cpe:2.3:a:mozilla:firefox:35.0
  • Mozilla Firefox 35.0.1
    cpe:2.3:a:mozilla:firefox:35.0.1
  • Mozilla Firefox 36.0
    cpe:2.3:a:mozilla:firefox:36.0
  • Mozilla Firefox 36.0.1
    cpe:2.3:a:mozilla:firefox:36.0.1
  • Mozilla Firefox 36.0.3
    cpe:2.3:a:mozilla:firefox:36.0.3
  • Mozilla Firefox 36.0.4
    cpe:2.3:a:mozilla:firefox:36.0.4
  • Mozilla Firefox 37.0
    cpe:2.3:a:mozilla:firefox:37.0
  • Mozilla Firefox 37.0.1
    cpe:2.3:a:mozilla:firefox:37.0.1
  • Mozilla Firefox 37.0.2
    cpe:2.3:a:mozilla:firefox:37.0.2
  • Mozilla Firefox 38.0
    cpe:2.3:a:mozilla:firefox:38.0
  • Mozilla Firefox 40.0.3
    cpe:2.3:a:mozilla:firefox:40.0.3
  • Mozilla Firefox 41.0
    cpe:2.3:a:mozilla:firefox:41.0
  • Mozilla Firefox 41.0.1
    cpe:2.3:a:mozilla:firefox:41.0.1
  • Mozilla Firefox 41.0.2
    cpe:2.3:a:mozilla:firefox:41.0.2
  • Mozilla Firefox 42.0
    cpe:2.3:a:mozilla:firefox:42.0
  • Mozilla Firefox 42.0 (64 bit)
    cpe:2.3:a:mozilla:firefox:42.0:-:-:-:-:-:x64
  • Mozilla Firefox 43.0
    cpe:2.3:a:mozilla:firefox:43.0
  • Mozilla Firefox 43.0.1
    cpe:2.3:a:mozilla:firefox:43.0.1
  • Mozilla Firefox 43.0.2
    cpe:2.3:a:mozilla:firefox:43.0.2
  • Mozilla Firefox 43.0.3
    cpe:2.3:a:mozilla:firefox:43.0.3
  • Mozilla Firefox 43.0.4
    cpe:2.3:a:mozilla:firefox:43.0.4
  • Mozilla Firefox 44.0.1
    cpe:2.3:a:mozilla:firefox:44.0.1
  • Mozilla Firefox 44.0.2
    cpe:2.3:a:mozilla:firefox:44.0.2
  • Mozilla Firefox 45.0.1
    cpe:2.3:a:mozilla:firefox:45.0.1
  • Mozilla Firefox 45.0.2
    cpe:2.3:a:mozilla:firefox:45.0.2
  • Mozilla Firefox 46.0.1
    cpe:2.3:a:mozilla:firefox:46.0.1
  • Mozilla Firefox 47.0.1
    cpe:2.3:a:mozilla:firefox:47.0.1
  • Mozilla Firefox 48.0.2
    cpe:2.3:a:mozilla:firefox:48.0.2
  • Mozilla Firefox 49.0
    cpe:2.3:a:mozilla:firefox:49.0
  • Mozilla Firefox 49.0.1
    cpe:2.3:a:mozilla:firefox:49.0.1
  • Mozilla Firefox 49.0.2
    cpe:2.3:a:mozilla:firefox:49.0.2
  • Mozilla Firefox 50.0
    cpe:2.3:a:mozilla:firefox:50.0
  • Mozilla Firefox 50.0.1
    cpe:2.3:a:mozilla:firefox:50.0.1
  • Mozilla Firefox 50.0.2
    cpe:2.3:a:mozilla:firefox:50.0.2
  • Mozilla Firefox 51.0
    cpe:2.3:a:mozilla:firefox:51.0
  • Mozilla Firefox 51.0.1
    cpe:2.3:a:mozilla:firefox:51.0.1
  • Mozilla Firefox 52.0
    cpe:2.3:a:mozilla:firefox:52.0
  • Mozilla Firefox 52.0.1
    cpe:2.3:a:mozilla:firefox:52.0.1
  • Mozilla Firefox 52.0.2
    cpe:2.3:a:mozilla:firefox:52.0.2
  • Mozilla Firefox 52.1.0
    cpe:2.3:a:mozilla:firefox:52.1.0
  • Mozilla Firefox 52.1.1
    cpe:2.3:a:mozilla:firefox:52.1.1
  • Mozilla Firefox 52.1.2
    cpe:2.3:a:mozilla:firefox:52.1.2
  • Mozilla Firefox 52.2.0
    cpe:2.3:a:mozilla:firefox:52.2.0
  • Mozilla Firefox 52.2.1
    cpe:2.3:a:mozilla:firefox:52.2.1
  • Mozilla Firefox 52.3.0
    cpe:2.3:a:mozilla:firefox:52.3.0
  • Mozilla Firefox 52.4.0
    cpe:2.3:a:mozilla:firefox:52.4.0
  • Mozilla Firefox 52.4.1
    cpe:2.3:a:mozilla:firefox:52.4.1
  • Mozilla Firefox 52.5.0
    cpe:2.3:a:mozilla:firefox:52.5.0
  • Mozilla Firefox 52.5.2
    cpe:2.3:a:mozilla:firefox:52.5.2
  • Mozilla Firefox 52.5.3
    cpe:2.3:a:mozilla:firefox:52.5.3
  • Mozilla Firefox 52.6.0
    cpe:2.3:a:mozilla:firefox:52.6.0
  • Mozilla Firefox 52.7.0
    cpe:2.3:a:mozilla:firefox:52.7.0
  • Mozilla Firefox 52.7.1
    cpe:2.3:a:mozilla:firefox:52.7.1
  • Mozilla Firefox 52.7.2
    cpe:2.3:a:mozilla:firefox:52.7.2
  • Mozilla Firefox 52.7.3
    cpe:2.3:a:mozilla:firefox:52.7.3
  • Mozilla Firefox 52.7.4
    cpe:2.3:a:mozilla:firefox:52.7.4
  • Mozilla Firefox 52.8.0
    cpe:2.3:a:mozilla:firefox:52.8.0
  • Mozilla Firefox 52.8.1
    cpe:2.3:a:mozilla:firefox:52.8.1
  • Mozilla Firefox 53.0
    cpe:2.3:a:mozilla:firefox:53.0
  • Mozilla Firefox 53.0.2
    cpe:2.3:a:mozilla:firefox:53.0.2
  • Mozilla Firefox 53.0.3
    cpe:2.3:a:mozilla:firefox:53.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla Firefox Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:firefox_esr:10.0.5
  • Mozilla Firefox Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:firefox_esr:10.0.6
  • Mozilla Firefox Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:firefox_esr:10.0.7
  • Mozilla Firefox Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:firefox_esr:10.0.8
  • Mozilla Firefox Extended Support Release (ESR) 10.0.9
    cpe:2.3:a:mozilla:firefox_esr:10.0.9
  • Mozilla Firefox Extended Support Release (ESR) 10.0.10
    cpe:2.3:a:mozilla:firefox_esr:10.0.10
  • Mozilla Firefox Extended Support Release (ESR) 10.0.11
    cpe:2.3:a:mozilla:firefox_esr:10.0.11
  • Mozilla Firefox Extended Support Release (ESR) 10.0.12
    cpe:2.3:a:mozilla:firefox_esr:10.0.12
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:firefox_esr:17.0.3
  • Mozilla Firefox Extended Support Release (ESR) 17.0.4
    cpe:2.3:a:mozilla:firefox_esr:17.0.4
  • Mozilla Firefox Extended Support Release (ESR) 17.0.5
    cpe:2.3:a:mozilla:firefox_esr:17.0.5
  • Mozilla Firefox Extended Support Release (ESR) 17.0.6
    cpe:2.3:a:mozilla:firefox_esr:17.0.6
  • Mozilla Firefox Extended Support Release (ESR) 17.0.7
    cpe:2.3:a:mozilla:firefox_esr:17.0.7
  • Mozilla Firefox Extended Support Release (ESR) 17.0.8
    cpe:2.3:a:mozilla:firefox_esr:17.0.8
  • Mozilla Firefox Extended Support Release (ESR) 17.0.9
    cpe:2.3:a:mozilla:firefox_esr:17.0.9
  • Mozilla Firefox Extended Support Release (ESR) 17.0.10
    cpe:2.3:a:mozilla:firefox_esr:17.0.10
  • Mozilla Firefox Extended Support Release (ESR) 17.0.11
    cpe:2.3:a:mozilla:firefox_esr:17.0.11
  • Mozilla Firefox Extended Support Release (ESR) 24.0
    cpe:2.3:a:mozilla:firefox_esr:24.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0.1
    cpe:2.3:a:mozilla:firefox_esr:24.0.1
  • Mozilla Firefox Extended Support Release (ESR) 24.0.2
    cpe:2.3:a:mozilla:firefox_esr:24.0.2
  • Mozilla Firefox Extended Support Release (ESR) 24.1.0
    cpe:2.3:a:mozilla:firefox_esr:24.1.0
  • Mozilla Firefox Extended Support Release (ESR) 24.1.1
    cpe:2.3:a:mozilla:firefox_esr:24.1.1
  • Mozilla Firefox Extended Support Release (ESR) 24.2
    cpe:2.3:a:mozilla:firefox_esr:24.2
  • Mozilla Firefox Extended Support Release (ESR) 24.3
    cpe:2.3:a:mozilla:firefox_esr:24.3
  • Mozilla Firefox Extended Support Release (ESR) 24.4
    cpe:2.3:a:mozilla:firefox_esr:24.4
  • Mozilla Firefox Extended Support Release (ESR) 24.5
    cpe:2.3:a:mozilla:firefox_esr:24.5
  • Mozilla Firefox Extended Support Release (ESR) 24.6
    cpe:2.3:a:mozilla:firefox_esr:24.6
  • Mozilla Firefox Extended Support Release (ESR) 24.7
    cpe:2.3:a:mozilla:firefox_esr:24.7
  • Mozilla Firefox Extended Support Release (ESR) 24.8
    cpe:2.3:a:mozilla:firefox_esr:24.8
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1
    cpe:2.3:a:mozilla:firefox_esr:31.1
  • Mozilla Firefox Extended Support Release (ESR) 31.1.0
    cpe:2.3:a:mozilla:firefox_esr:31.1.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1.1
    cpe:2.3:a:mozilla:firefox_esr:31.1.1
  • Mozilla Firefox Extended Support Release (ESR) 31.2
    cpe:2.3:a:mozilla:firefox_esr:31.2
  • Mozilla Firefox Extended Support Release (ESR) 31.3
    cpe:2.3:a:mozilla:firefox_esr:31.3
  • Mozilla Firefox Extended Support Release (ESR) 31.3.0
    cpe:2.3:a:mozilla:firefox_esr:31.3.0
  • Mozilla Firefox Extended Support Release (ESR) 31.4
    cpe:2.3:a:mozilla:firefox_esr:31.4
  • Mozilla Firefox Extended Support Release (ESR) 31.5
    cpe:2.3:a:mozilla:firefox_esr:31.5
  • Mozilla Firefox Extended Support Release (ESR) 31.5.1
    cpe:2.3:a:mozilla:firefox_esr:31.5.1
  • Mozilla Firefox Extended Support Release (ESR) 31.5.2
    cpe:2.3:a:mozilla:firefox_esr:31.5.2
  • Mozilla Firefox Extended Support Release (ESR) 31.5.3
    cpe:2.3:a:mozilla:firefox_esr:31.5.3
  • Mozilla Firefox Extended Support Release (ESR) 31.6
    cpe:2.3:a:mozilla:firefox_esr:31.6
  • Mozilla Firefox Extended Support Release (ESR) 31.8
    cpe:2.3:a:mozilla:firefox_esr:31.8
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.0.5 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.5:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • Mozilla Firefox ESR 38.1.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.1
    cpe:2.3:a:mozilla:firefox_esr:38.1.1
  • Mozilla Firefox ESR 38.1.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.0
    cpe:2.3:a:mozilla:firefox_esr:38.2.0
  • Mozilla Firefox ESR 38.2.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.1
    cpe:2.3:a:mozilla:firefox_esr:38.2.1
  • Mozilla Firefox ESR 38.2.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.1:-:-:-:-:-:x64
  • Mozilla Firefox Extended Support Release (ESR) 38.3.0
    cpe:2.3:a:mozilla:firefox_esr:38.3.0
  • Mozilla Firefox ESR 38.3.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.3.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.4.0
    cpe:2.3:a:mozilla:firefox_esr:38.4.0
  • Mozilla Firefox ESR 38.4.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.4.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.5.0
    cpe:2.3:a:mozilla:firefox_esr:38.5.0
  • Mozilla Firefox ESR 38.5.1
    cpe:2.3:a:mozilla:firefox_esr:38.5.1
  • Mozilla Firefox ESR 38.5.2
    cpe:2.3:a:mozilla:firefox_esr:38.5.2
  • Mozilla Firefox Extended Support Release (ESR) 38.6.0
    cpe:2.3:a:mozilla:firefox_esr:38.6.0
  • Mozilla Firefox Extended Support Release (ESR) 38.6.1
    cpe:2.3:a:mozilla:firefox_esr:38.6.1
  • Mozilla Firefox Extended Support Release (ESR) 38.7.0
    cpe:2.3:a:mozilla:firefox_esr:38.7.0
  • Mozilla Firefox Extended Support Release (ESR) 38.7.1
    cpe:2.3:a:mozilla:firefox_esr:38.7.1
  • Mozilla Firefox ESR 38.8.0
    cpe:2.3:a:mozilla:firefox_esr:38.8.0
  • Mozilla Firefox Extended Support Release (ESR) 45.0.2
    cpe:2.3:a:mozilla:firefox_esr:45.0.2
  • Mozilla Firefox Extended Support Release (ESR) 45.1.0
    cpe:2.3:a:mozilla:firefox_esr:45.1.0
  • Mozilla Firefox Extended Support Release (ESR) 45.1.1
    cpe:2.3:a:mozilla:firefox_esr:45.1.1
  • Mozilla Firefox Extended Support Release (ESR) 45.2.0
    cpe:2.3:a:mozilla:firefox_esr:45.2.0
  • Mozilla Firefox Extended Support Release (ESR) 45.3.0
    cpe:2.3:a:mozilla:firefox_esr:45.3.0
  • Mozilla Firefox ESR 45.4.0
    cpe:2.3:a:mozilla:firefox_esr:45.4.0
  • Mozilla Firefox ESR 45.5.0
    cpe:2.3:a:mozilla:firefox_esr:45.5.0
  • Mozilla Thunderbird
    cpe:2.3:a:mozilla:thunderbird
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0.1
    cpe:2.3:a:mozilla:thunderbird:1.0.1
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.3
    cpe:2.3:a:mozilla:thunderbird:1.0.3
  • Mozilla Thunderbird 1.0.4
    cpe:2.3:a:mozilla:thunderbird:1.0.4
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.5 Beta
    cpe:2.3:a:mozilla:thunderbird:1.0.5:beta
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5.0.1
    cpe:2.3:a:mozilla:thunderbird:1.5.0.1
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.3
    cpe:2.3:a:mozilla:thunderbird:1.5.0.3
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.6
    cpe:2.3:a:mozilla:thunderbird:1.5.0.6
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.11
    cpe:2.3:a:mozilla:thunderbird:1.5.0.11
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 1.5.1
    cpe:2.3:a:mozilla:thunderbird:1.5.1
  • Mozilla Thunderbird 1.5.2
    cpe:2.3:a:mozilla:thunderbird:1.5.2
  • Mozilla Mozilla Mail 1.7.1
    cpe:2.3:a:mozilla:thunderbird:1.7.1
  • Mozilla Mozilla Mail 1.7.3
    cpe:2.3:a:mozilla:thunderbird:1.7.3
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.1
  • Mozilla Thunderbird 2.0.0.2
    cpe:2.3:a:mozilla:thunderbird:2.0.0.2
  • Mozilla Thunderbird 2.0.0.3
    cpe:2.3:a:mozilla:thunderbird:2.0.0.3
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.7
    cpe:2.3:a:mozilla:thunderbird:2.0.0.7
  • Mozilla Thunderbird 2.0.0.8
    cpe:2.3:a:mozilla:thunderbird:2.0.0.8
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.11
    cpe:2.3:a:mozilla:thunderbird:2.0.0.11
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.13
    cpe:2.3:a:mozilla:thunderbird:2.0.0.13
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.15
    cpe:2.3:a:mozilla:thunderbird:2.0.0.15
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.20
    cpe:2.3:a:mozilla:thunderbird:2.0.0.20
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.14
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 3.1.18
    cpe:2.3:a:mozilla:thunderbird:3.1.18
  • Mozilla Thunderbird 3.1.19
    cpe:2.3:a:mozilla:thunderbird:3.1.19
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 10.0.3
    cpe:2.3:a:mozilla:thunderbird:10.0.3
  • Mozilla Thunderbird 10.0.4
    cpe:2.3:a:mozilla:thunderbird:10.0.4
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.1
    cpe:2.3:a:mozilla:thunderbird:17.0.1
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.4
    cpe:2.3:a:mozilla:thunderbird:17.0.4
  • Mozilla Thunderbird 17.0.5
    cpe:2.3:a:mozilla:thunderbird:17.0.5
  • Mozilla Thunderbird 17.0.6
    cpe:2.3:a:mozilla:thunderbird:17.0.6
  • Mozilla Thunderbird 17.0.7
    cpe:2.3:a:mozilla:thunderbird:17.0.7
  • Mozilla Thunderbird 17.0.8
    cpe:2.3:a:mozilla:thunderbird:17.0.8
  • Mozilla Thunderbird 17.0.9
    cpe:2.3:a:mozilla:thunderbird:17.0.9
  • Mozilla Thunderbird 17.0.10
    cpe:2.3:a:mozilla:thunderbird:17.0.10
  • Mozilla Thunderbird 24.0
    cpe:2.3:a:mozilla:thunderbird:24.0
  • Mozilla Thunderbird 24.0.1
    cpe:2.3:a:mozilla:thunderbird:24.0.1
  • Mozilla Thunderbird 24.1
    cpe:2.3:a:mozilla:thunderbird:24.1
  • Mozilla Thunderbird 24.1.0
    cpe:2.3:a:mozilla:thunderbird:24.1.0
  • Mozilla Thunderbird 24.1.1
    cpe:2.3:a:mozilla:thunderbird:24.1.1
  • Mozilla Thunderbird 24.2
    cpe:2.3:a:mozilla:thunderbird:24.2
  • Mozilla Thunderbird 24.2.0
    cpe:2.3:a:mozilla:thunderbird:24.2.0
  • Mozilla Thunderbird 24.3
    cpe:2.3:a:mozilla:thunderbird:24.3
  • Mozilla Thunderbird 24.3.0
    cpe:2.3:a:mozilla:thunderbird:24.3.0
  • Mozilla Thunderbird 24.4
    cpe:2.3:a:mozilla:thunderbird:24.4
  • Mozilla Thunderbird 24.4.0
    cpe:2.3:a:mozilla:thunderbird:24.4.0
  • Mozilla Thunderbird 24.5
    cpe:2.3:a:mozilla:thunderbird:24.5
  • Mozilla Thunderbird 24.5.0
    cpe:2.3:a:mozilla:thunderbird:24.5.0
  • Mozilla Thunderbird 24.6
    cpe:2.3:a:mozilla:thunderbird:24.6
  • Mozilla Thunderbird 24.6.0
    cpe:2.3:a:mozilla:thunderbird:24.6.0
  • Mozilla Thunderbird 24.7
    cpe:2.3:a:mozilla:thunderbird:24.7
  • Mozilla Thunderbird 24.7.0
    cpe:2.3:a:mozilla:thunderbird:24.7.0
  • Mozilla Thunderbird 24.8
    cpe:2.3:a:mozilla:thunderbird:24.8
  • Mozilla Thunderbird 31.0
    cpe:2.3:a:mozilla:thunderbird:31.0
  • Mozilla Thunderbird 31.1.0
    cpe:2.3:a:mozilla:thunderbird:31.1.0
  • Mozilla Thunderbird 31.1.2
    cpe:2.3:a:mozilla:thunderbird:31.1.2
  • Mozilla Thunderbird 31.2
    cpe:2.3:a:mozilla:thunderbird:31.2
  • Mozilla Thunderbird 31.2.0
    cpe:2.3:a:mozilla:thunderbird:31.2.0
  • Mozilla Thunderbird 31.3
    cpe:2.3:a:mozilla:thunderbird:31.3
  • Mozilla Thunderbird 31.4
    cpe:2.3:a:mozilla:thunderbird:31.4
  • Mozilla Thunderbird 31.4.0
    cpe:2.3:a:mozilla:thunderbird:31.4.0
  • Mozilla Thunderbird 31.5
    cpe:2.3:a:mozilla:thunderbird:31.5
  • Mozilla Thunderbird 31.5.0
    cpe:2.3:a:mozilla:thunderbird:31.5.0
  • Mozilla Thunderbird 31.6
    cpe:2.3:a:mozilla:thunderbird:31.6
  • Mozilla Thunderbird 31.6.0
    cpe:2.3:a:mozilla:thunderbird:31.6.0
  • Mozilla Thunderbird 31.7.0
    cpe:2.3:a:mozilla:thunderbird:31.7.0
  • Mozilla Thunderbird 31.8
    cpe:2.3:a:mozilla:thunderbird:31.8
  • Mozilla Thunderbird 31.8.0
    cpe:2.3:a:mozilla:thunderbird:31.8.0
  • Mozilla Thunderbird 32.0
    cpe:2.3:a:mozilla:thunderbird:32.0
  • Mozilla Thunderbird 38.0
    cpe:2.3:a:mozilla:thunderbird:38.0
  • Mozilla Thunderbird 38.0.1
    cpe:2.3:a:mozilla:thunderbird:38.0.1
  • Mozilla Thunderbird 38.1
    cpe:2.3:a:mozilla:thunderbird:38.1
  • Mozilla Thunderbird 38.1.0
    cpe:2.3:a:mozilla:thunderbird:38.1.0
  • Mozilla Thunderbird 38.2.0
    cpe:2.3:a:mozilla:thunderbird:38.2.0
  • Mozilla Thunderbird 38.3.0
    cpe:2.3:a:mozilla:thunderbird:38.3.0
  • Mozilla Thunderbird 38.4.0
    cpe:2.3:a:mozilla:thunderbird:38.4.0
  • Mozilla Thunderbird 38.5.0
    cpe:2.3:a:mozilla:thunderbird:38.5.0
  • Mozilla Thunderbird 38.5.1
    cpe:2.3:a:mozilla:thunderbird:38.5.1
  • Mozilla Thunderbird 38.6.0
    cpe:2.3:a:mozilla:thunderbird:38.6.0
  • Mozilla Thunderbird 38.7.0
    cpe:2.3:a:mozilla:thunderbird:38.7.0
  • Mozilla Thunderbird 38.7.1
    cpe:2.3:a:mozilla:thunderbird:38.7.1
  • Mozilla Thunderbird 38.7.2
    cpe:2.3:a:mozilla:thunderbird:38.7.2
  • Mozilla Thunderbird 38.8.0
    cpe:2.3:a:mozilla:thunderbird:38.8.0
  • Mozilla Thunderbird 45.0
    cpe:2.3:a:mozilla:thunderbird:45.0
  • Mozilla Thunderbird 45.1.0
    cpe:2.3:a:mozilla:thunderbird:45.1.0
  • Mozilla Thunderbird 45.1.1
    cpe:2.3:a:mozilla:thunderbird:45.1.1
  • Mozilla Thunderbird 45.2.0
    cpe:2.3:a:mozilla:thunderbird:45.2.0
  • Mozilla Thunderbird 45.3.0
    cpe:2.3:a:mozilla:thunderbird:45.3.0
  • Mozilla Thunderbird 45.4.0
    cpe:2.3:a:mozilla:thunderbird:45.4.0
  • Mozilla Thunderbird 45.5.0
    cpe:2.3:a:mozilla:thunderbird:45.5.0
  • Mozilla Thunderbird 45.5.1
    cpe:2.3:a:mozilla:thunderbird:45.5.1
  • Mozilla Thunderbird 45.6.0
    cpe:2.3:a:mozilla:thunderbird:45.6.0
  • Mozilla Thunderbird 45.7.0
    cpe:2.3:a:mozilla:thunderbird:45.7.0
  • Mozilla Thunderbird 45.7.1
    cpe:2.3:a:mozilla:thunderbird:45.7.1
  • Mozilla Thunderbird 45.8.0
    cpe:2.3:a:mozilla:thunderbird:45.8.0
  • Mozilla Thunderbird 52.0
    cpe:2.3:a:mozilla:thunderbird:52.0
  • Mozilla Thunderbird 52.0.1
    cpe:2.3:a:mozilla:thunderbird:52.0.1
  • Mozilla Thunderbird 52.1.0
    cpe:2.3:a:mozilla:thunderbird:52.1.0
  • Mozilla Thunderbird 52.1.1
    cpe:2.3:a:mozilla:thunderbird:52.1.1
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1669-1.NASL
    description The Mozilla Firefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960) : - MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder - MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading - MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners - MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when regenerating trees - MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input - MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements - MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla Maintenance Service - MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library - MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo object - MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox Installer with same directory DLL files - MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging XHR header errors - MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB - MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as spaces - MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable files - MFSA 2017-16/CVE-2017-7764 (bmo#1364283, bmo#http://www.unicode.org/reports/tr31/tr31-26 .html#Aspirational_Use_Scripts) Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082) - MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library - MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding - MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM manipulation - MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel - MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated data:text/html URL - MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content - MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection - MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS - MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode manipulation with animation - MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing - MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing application/http-index-format content - MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing application/http- index-format content - MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes - MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated code - MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll events - MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing in the editor - MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling - MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions - MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection - MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL - MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS - MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader APIs - MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read access through file picker - MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system access - MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101055
    published 2017-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101055
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-712.NASL
    description This update for Mozilla Firefox, Thunderbird, and NSS fixes the following issues : Mozilla Firefox was updated to 52.2esr (boo#1043960) MFSA 2017-16 : - CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when regenerating trees - CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading - CVE-2017-7750 (bmo#1356558) Use-after-free with track elements - CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners - CVE-2017-7752 (bmo#1359547) Use-after-free with IME input - CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox Installer with same directory DLL files (Windows only) - CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB - CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777 Vulnerabilities in the Graphite 2 library - CVE-2017-7758 (bmo#1368490) Out-of-bounds read in Opus encoder - CVE-2017-7760 (bmo#1348645) File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service (Windows only) - CVE-2017-7761 (bmo#1215648) File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application (Windows only) - CVE-2017-7764 (bmo#1364283) Domain spoofing with combination of Canadian Syllabics and other unicode blocks - CVE-2017-7765 (bmo#1273265) Mark of the Web bypass when saving executable files (Windows only) - CVE-2017-7766 (bmo#1342742) File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service (Windows only) - CVE-2017-7767 (bmo#1336964) Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service (Windows only) - CVE-2017-7768 (bmo#1336979) 32 byte arbitrary file read through Mozilla Maintenance Service (Windows only) - CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - remove -fno-inline-small-functions and explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) Mozilla NSS was updated to NSS 3.28.5 - Implemented domain name constraints for CA: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1. (bmo#1350859) - March 2017 batch of root CA changes (bmo#1350859) (version 2.14) CA certificates removed: O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = TURKTRUST Elektronik Sertifika Hizmet H6 CN = Microsec e-Szigno Root CA certificates added: CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 java-1_8_0-openjdk was rebuild against NSS 3.28.5 to satisfy a runtime dependency.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 100885
    published 2017-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100885
    title openSUSE Security Update : Mozilla based packages (openSUSE-2017-712)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2235-1.NASL
    description This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed : - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http- index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes : - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. - Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidential libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 102694
    published 2017-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102694
    title SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201802-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-02
    plugin id 106884
    published 2018-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106884
    title GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_52_2ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the NS_main() function in updater.cpp due to improper validation of input when handling callback file path parameters. A local attacker can exploit this to manipulate files in the installation directory. (CVE-2017-7760) - A flaw exists in the Maintenance Service helper.exe application that is triggered as permissions for a temporary directory are set to writable by non-privileged users. A local attacker can exploit this to delete arbitrary files on the system. (CVE-2017-7761) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - A flaw exists that is triggered due to improper parsing of long filenames when handling downloaded files. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without the 'mark-of-the-web' applied, resulting in security warnings for executables not being displayed. (CVE-2017-7765) - A flaw exists in the Mozilla Maintenance Service that is triggered when handling paths for the 'patch', 'install', and 'working' directories. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7766) - A flaw exists in the Mozilla Maintenance Service that is triggered when being invoked using the Mozilla Windows Updater. A local attacker can exploit this to overwrite arbitrary files with random data. (CVE-2017-7767) - A flaw exists in the IsStatusApplying() function in workmonitor.cpp that is triggered when logging the update status. A local attacker can exploit this to read 32 bytes of arbitrary files. (CVE-2017-7768) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7773, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 100809
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100809
    title Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_54_0.NASL
    description The version of Mozilla Firefox installed on the remote Windows host is prior to 54. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470, CVE-2017-5471) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the NS_main() function in updater.cpp due to improper validation of input when handling callback file path parameters. A local attacker can exploit this to manipulate files in the installation directory. (CVE-2017-7760) - A flaw exists in the Maintenance Service helper.exe application that is triggered as permissions for a temporary directory are set to writable by non-privileged users. A local attacker can exploit this to delete arbitrary files on the system. (CVE-2017-7761) - A flaw exists that is triggered when displaying URLs including authentication sections in reader mode. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to spoof domains in the address bar. (CVE-2017-7762) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - A flaw exists that is triggered due to improper parsing of long filenames when handling downloaded files. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without the 'mark-of-the-web' applied, resulting in security warnings for executables not being displayed. (CVE-2017-7765) - A flaw exists in the Mozilla Maintenance Service that is triggered when handling paths for the 'patch', 'install', and 'working' directories. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7766) - A flaw exists in the Mozilla Maintenance Service that is triggered when being invoked using the Mozilla Windows Updater. A local attacker can exploit this to overwrite arbitrary files with random data. (CVE-2017-7767) - A flaw exists in the IsStatusApplying() function in workmonitor.cpp that is triggered when logging the update status. A local attacker can exploit this to read 32 bytes of arbitrary files. (CVE-2017-7768) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 100810
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100810
    title Mozilla Firefox < 54 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6CEC1B0ADA15467D86911DEA392D4C8D.NASL
    description Mozilla Foundation reports : Please reference CVE/URL list for details
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 100775
    published 2017-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100775
    title FreeBSD : mozilla -- multiple vulnerabilities (6cec1b0a-da15-467d-8691-1dea392d4c8d)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_54_0.NASL
    description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 54. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470, CVE-2017-5471) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the NS_main() function in updater.cpp due to improper validation of input when handling callback file path parameters. A local attacker can exploit this to manipulate files in the installation directory. (CVE-2017-7760) - A flaw exists in the Maintenance Service helper.exe application that is triggered as permissions for a temporary directory are set to writable by non-privileged users. A local attacker can exploit this to delete arbitrary files on the system. (CVE-2017-7761) - A flaw exists that is triggered when displaying URLs including authentication sections in reader mode. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to spoof domains in the address bar. (CVE-2017-7762) - A flaw exists in the ReadCMAP() function in gfxMacPlatformFontList.mm that is triggered when handling tibetan characters in combination with macOS fonts. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL. (CVE-2017-7763) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 100808
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100808
    title Mozilla Firefox < 54 Multiple Vulnerabilities (macOS)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_52_2_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the NS_main() function in updater.cpp due to improper validation of input when handling callback file path parameters. A local attacker can exploit this to manipulate files in the installation directory. (CVE-2017-7760) - A flaw exists in the Maintenance Service helper.exe application that is triggered as permissions for a temporary directory are set to writable by non-privileged users. A local attacker can exploit this to delete arbitrary files on the system. (CVE-2017-7761) - A flaw exists in the ReadCMAP() function in gfxMacPlatformFontList.mm that is triggered when handling tibetan characters in combination with macOS fonts. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL. (CVE-2017-7763) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7773, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 100807
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100807
    title Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities (macOS)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1561.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, AndrA(c) Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 101485
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101485
    title Virtuozzo 6 : thunderbird (VZLSA-2017-1561)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1007.NASL
    description Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.2.1-1~deb7u1. We recommend that you upgrade your icedove packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 101208
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101208
    title Debian DLA-1007-1 : icedove/thunderbird security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1440.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100815
    published 2017-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100815
    title CentOS 6 / 7 : firefox (CESA-2017:1440)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170614_FIREFOX_ON_SL6_X.NASL
    description This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100802
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100802
    title Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-991.NASL
    description Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases (ESR) of Firefox. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases. For Debian 7 'Wheezy', these problems have been fixed in version 52.2.0esr-1~deb7u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 100851
    published 2017-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100851
    title Debian DLA-991-1 : firefox-esr security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170621_THUNDERBIRD_ON_SL6_X.NASL
    description This update upgrades Thunderbird to version 52.2.0. Security Fix(es) : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 100984
    published 2017-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100984
    title Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1127.NASL
    description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 101855
    published 2017-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101855
    title EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1127)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1440.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100801
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100801
    title RHEL 6 / 7 : firefox (RHSA-2017:1440)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1440.NASL
    description From Red Hat Security Advisory 2017:1440 : An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 100800
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100800
    title Oracle Linux 6 / 7 : firefox (ELSA-2017-1440)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3321-1.NASL
    description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 101261
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101261
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3321-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_52_2.NASL
    description The version of Mozilla Thunderbird installed on the remote Windows host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the ReadCMAP() function in gfxMacPlatformFontList.mm that is triggered when handling tibetan characters in combination with macOS fonts. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL. (CVE-2017-7763) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - An out-of-bounds read error exists in the Graphite component in the readPass() function in Pass.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-7771) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7773, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 101771
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101771
    title Mozilla Thunderbird < 52.2 Multiple Vulnerabilities (macOS)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1561.NASL
    description From Red Hat Security Advisory 2017:1561 : An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 100978
    published 2017-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100978
    title Oracle Linux 6 / 7 : thunderbird (ELSA-2017-1561)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3881.NASL
    description Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing. Debian follows the extended support releases (ESR) of Firefox. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100797
    published 2017-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100797
    title Debian DSA-3881-1 : firefox-esr - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3918.NASL
    description Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. Debian follows the extended support releases (ESR) of Thunderbird. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 101983
    published 2017-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101983
    title Debian DSA-3918-1 : icedove - security update
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_52_2.NASL
    description The version of Mozilla Thunderbird installed on the remote Windows host is prior to 52.2 It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a specially crafted website. (CVE-2017-5470) - A use-after-free error exists in the EndUpdate() function in nsCSSFrameConstructor.cpp that is triggered when reconstructing trees during regeneration of CSS layouts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-5472) - A use-after-free error exists in the Reload() function in nsDocShell.cpp that is triggered when using an incorrect URL during the reload of a docshell. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7749) - A use-after-free error exists in the Hide() function in nsDocumentViewer.cpp that is triggered when handling track elements. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7750) - A use-after-free error exists in the nsDocumentViewer class in nsDocumentViewer.cpp that is triggered when handling content viewer listeners. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7751) - A use-after-free error exists that is triggered when handling events while specific user interaction occurs with the input method editor (IME). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7752) - An out-of-bounds read error exists in the IsComplete() function in WebGLTexture.cpp that is triggered when handling textures. An unauthenticated, remote attacker can exploit this to disclose memory contents. (CVE-2017-7754) - A privilege escalation vulnerability exists due to improper loading of dynamic-link library (DLL) files. A local attacker can exploit this, via a specially crafted DLL file in the installation path, to inject and execute arbitrary code. (CVE-2017-7755) - A use-after-free error exists in the SetRequestHead() function in XMLHttpRequestMainThread.cpp that is triggered when logging XML HTTP Requests (XHR). An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7756) - A use-after-free error exists in ActorsParent.cpp due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7757) - An out-of-bounds read error exists in the AppendAudioSegment() function in TrackEncoder.cpp that is triggered when the number of channels in an audio stream changes while the Opus encoder is in use. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-7758) - A flaw exists in the isLabelSafe() function in nsIDNService.cpp that is triggered when handling characters from different unicode blocks. An unauthenticated, remote attacker can exploit this, via a specially crafted IDN domain, to spoof a valid URL and conduct phishing attacks. (CVE-2017-7764) - A flaw exists that is triggered due to improper parsing of long filenames when handling downloaded files. An unauthenticated, remote attacker can exploit this to cause a file to be downloaded without the 'mark-of-the-web' applied, resulting in security warnings for executables not being displayed. (CVE-2017-7765) - An out-of-bounds read error exists in the Graphite component in the readPass() function in Pass.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2017-7771) - Multiple integer overflow conditions exist in the Graphite component in the decompress() function in Decompressor.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7772, CVE-2017-7773, CVE-2017-7778) - An out-of-bounds read error exists in the Graphite component in the readGraphite() function in Silf.cpp. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or disclose memory contents. (CVE-2017-7774) - An assertion flaw exists in the Graphite component when handling zero value sizes. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7775) - An out-of-bounds read error exists in the Graphite component in getClassGlyph() function in Silf.cpp due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-7776) - A flaw exists in the Graphite component in the read_glyph() function in GlyphCache.cpp related to use of uninitialized memory. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2017-7777)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 101772
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101772
    title Mozilla Thunderbird < 52.2 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1561.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100950
    published 2017-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100950
    title RHEL 6 / 7 : thunderbird (RHSA-2017:1561)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1561.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100965
    published 2017-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100965
    title CentOS 6 / 7 : thunderbird (CESA-2017:1561)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1126.NASL
    description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 101854
    published 2017-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101854
    title EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1126)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1440.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, AndrA(c) Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 101480
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101480
    title Virtuozzo 7 : firefox (VZLSA-2017-1440)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3315-1.NASL
    description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute arbitrary code. (CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764) Multiple security issues were discovered in the Graphite 2 library used by Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 100835
    published 2017-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100835
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3315-1)
redhat via4
advisories
  • rhsa
    id RHSA-2017:1440
  • rhsa
    id RHSA-2017:1561
rpms
  • firefox-0:52.2.0-1.el7_3
  • firefox-0:52.2.0-1.el6_9
  • thunderbird-0:52.2.0-1.el7_3
  • thunderbird-0:52.2.0-1.el6_9
refmap via4
bid 99041
confirm
debian
  • DSA-3881
  • DSA-3918
sectrack 1038689
Last major update 11-06-2018 - 17:29
Published 11-06-2018 - 17:29
Last modified 03-08-2018 - 10:16
Back to Top