ID CVE-2018-18494
Summary A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
References
Vulnerable Configurations
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
  • Mozilla Firefox 0.1
    cpe:2.3:a:mozilla:firefox:0.1
  • Mozilla Firefox 0.2
    cpe:2.3:a:mozilla:firefox:0.2
  • Mozilla Firefox 0.3
    cpe:2.3:a:mozilla:firefox:0.3
  • Mozilla Firefox 0.4
    cpe:2.3:a:mozilla:firefox:0.4
  • Mozilla Firefox 0.5
    cpe:2.3:a:mozilla:firefox:0.5
  • Mozilla Firefox 0.6
    cpe:2.3:a:mozilla:firefox:0.6
  • Mozilla Firefox 0.6.1
    cpe:2.3:a:mozilla:firefox:0.6.1
  • Mozilla Firefox 0.7
    cpe:2.3:a:mozilla:firefox:0.7
  • Mozilla Firefox 0.7.1
    cpe:2.3:a:mozilla:firefox:0.7.1
  • Mozilla Firefox 0.8
    cpe:2.3:a:mozilla:firefox:0.8
  • Mozilla Firefox 0.9
    cpe:2.3:a:mozilla:firefox:0.9
  • Mozilla Firefox 0.9 rc
    cpe:2.3:a:mozilla:firefox:0.9:rc
  • Mozilla Firefox 0.9.1
    cpe:2.3:a:mozilla:firefox:0.9.1
  • Mozilla Firefox 0.9.2
    cpe:2.3:a:mozilla:firefox:0.9.2
  • Mozilla Firefox 0.9.3
    cpe:2.3:a:mozilla:firefox:0.9.3
  • Mozilla Firefox 0.10
    cpe:2.3:a:mozilla:firefox:0.10
  • Mozilla Firefox 0.10.1
    cpe:2.3:a:mozilla:firefox:0.10.1
  • Mozilla Firefox 1.0
    cpe:2.3:a:mozilla:firefox:1.0
  • Mozilla Firefox 1.0 Preview Release
    cpe:2.3:a:mozilla:firefox:1.0:preview_release
  • Mozilla Firefox 1.0.1
    cpe:2.3:a:mozilla:firefox:1.0.1
  • Mozilla Firefox 1.0.2
    cpe:2.3:a:mozilla:firefox:1.0.2
  • Mozilla Firefox 1.0.3
    cpe:2.3:a:mozilla:firefox:1.0.3
  • Mozilla Firefox 1.0.4
    cpe:2.3:a:mozilla:firefox:1.0.4
  • Mozilla Firefox 1.0.5
    cpe:2.3:a:mozilla:firefox:1.0.5
  • Mozilla Firefox 1.0.6
    cpe:2.3:a:mozilla:firefox:1.0.6
  • Mozilla Firefox 1.0.7
    cpe:2.3:a:mozilla:firefox:1.0.7
  • Mozilla Firefox 1.0.8
    cpe:2.3:a:mozilla:firefox:1.0.8
  • Mozilla Firefox 1.4.1
    cpe:2.3:a:mozilla:firefox:1.4.1
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • Mozilla Firefox 1.5 Beta 2
    cpe:2.3:a:mozilla:firefox:1.5:beta2
  • Mozilla Firefox 1.5.0.1
    cpe:2.3:a:mozilla:firefox:1.5.0.1
  • Mozilla Firefox 1.5.0.2
    cpe:2.3:a:mozilla:firefox:1.5.0.2
  • Mozilla Firefox 1.5.0.3
    cpe:2.3:a:mozilla:firefox:1.5.0.3
  • Mozilla Firefox 1.5.0.4
    cpe:2.3:a:mozilla:firefox:1.5.0.4
  • Mozilla Firefox 1.5.0.5
    cpe:2.3:a:mozilla:firefox:1.5.0.5
  • Mozilla Firefox 1.5.0.6
    cpe:2.3:a:mozilla:firefox:1.5.0.6
  • Mozilla Firefox 1.5.0.7
    cpe:2.3:a:mozilla:firefox:1.5.0.7
  • Mozilla Firefox 1.5.0.8
    cpe:2.3:a:mozilla:firefox:1.5.0.8
  • Mozilla Firefox 1.5.0.9
    cpe:2.3:a:mozilla:firefox:1.5.0.9
  • Mozilla Firefox 1.5.0.10
    cpe:2.3:a:mozilla:firefox:1.5.0.10
  • Mozilla Firefox 1.5.0.11
    cpe:2.3:a:mozilla:firefox:1.5.0.11
  • Mozilla Firefox 1.5.0.12
    cpe:2.3:a:mozilla:firefox:1.5.0.12
  • Mozilla Firefox 1.5.1
    cpe:2.3:a:mozilla:firefox:1.5.1
  • Mozilla Firefox 1.5.2
    cpe:2.3:a:mozilla:firefox:1.5.2
  • Mozilla Firefox 1.5.3
    cpe:2.3:a:mozilla:firefox:1.5.3
  • Mozilla Firefox 1.5.4
    cpe:2.3:a:mozilla:firefox:1.5.4
  • Mozilla Firefox 1.5.5
    cpe:2.3:a:mozilla:firefox:1.5.5
  • Mozilla Firefox 1.5.6
    cpe:2.3:a:mozilla:firefox:1.5.6
  • Mozilla Firefox 1.5.7
    cpe:2.3:a:mozilla:firefox:1.5.7
  • Mozilla Firefox 1.5.8
    cpe:2.3:a:mozilla:firefox:1.5.8
  • Mozilla Firefox 1.8
    cpe:2.3:a:mozilla:firefox:1.8
  • Mozilla Firefox 2.0
    cpe:2.3:a:mozilla:firefox:2.0
  • Mozilla Firefox 2.0.0.1
    cpe:2.3:a:mozilla:firefox:2.0.0.1
  • Mozilla Firefox 2.0.0.2
    cpe:2.3:a:mozilla:firefox:2.0.0.2
  • Mozilla Firefox 2.0.0.3
    cpe:2.3:a:mozilla:firefox:2.0.0.3
  • Mozilla Firefox 2.0.0.4
    cpe:2.3:a:mozilla:firefox:2.0.0.4
  • Mozilla Firefox 2.0.0.5
    cpe:2.3:a:mozilla:firefox:2.0.0.5
  • Mozilla Firefox 2.0.0.6
    cpe:2.3:a:mozilla:firefox:2.0.0.6
  • Mozilla Firefox 2.0.0.7
    cpe:2.3:a:mozilla:firefox:2.0.0.7
  • Mozilla Firefox 2.0.0.8
    cpe:2.3:a:mozilla:firefox:2.0.0.8
  • Mozilla Firefox 2.0.0.9
    cpe:2.3:a:mozilla:firefox:2.0.0.9
  • Mozilla Firefox 2.0.0.10
    cpe:2.3:a:mozilla:firefox:2.0.0.10
  • Mozilla Firefox 2.0.0.11
    cpe:2.3:a:mozilla:firefox:2.0.0.11
  • Mozilla Firefox 2.0.0.12
    cpe:2.3:a:mozilla:firefox:2.0.0.12
  • Mozilla Firefox 2.0.0.13
    cpe:2.3:a:mozilla:firefox:2.0.0.13
  • Mozilla Firefox 2.0.0.14
    cpe:2.3:a:mozilla:firefox:2.0.0.14
  • Mozilla Firefox 2.0.0.15
    cpe:2.3:a:mozilla:firefox:2.0.0.15
  • Mozilla Firefox 2.0.0.16
    cpe:2.3:a:mozilla:firefox:2.0.0.16
  • Mozilla Firefox 2.0.0.17
    cpe:2.3:a:mozilla:firefox:2.0.0.17
  • Mozilla Firefox 2.0.0.18
    cpe:2.3:a:mozilla:firefox:2.0.0.18
  • Mozilla Firefox 2.0.0.19
    cpe:2.3:a:mozilla:firefox:2.0.0.19
  • Mozilla Firefox 2.0.0.20
    cpe:2.3:a:mozilla:firefox:2.0.0.20
  • Mozilla Firefox 3.0
    cpe:2.3:a:mozilla:firefox:3.0
  • Mozilla Firefox 3.0.1
    cpe:2.3:a:mozilla:firefox:3.0.1
  • Mozilla Firefox 3.0.2
    cpe:2.3:a:mozilla:firefox:3.0.2
  • Mozilla Firefox 3.0.3
    cpe:2.3:a:mozilla:firefox:3.0.3
  • Mozilla Firefox 3.0.4
    cpe:2.3:a:mozilla:firefox:3.0.4
  • Mozilla Firefox 3.0.5
    cpe:2.3:a:mozilla:firefox:3.0.5
  • Mozilla Firefox 3.0.6
    cpe:2.3:a:mozilla:firefox:3.0.6
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Mozilla Firefox 3.0.8
    cpe:2.3:a:mozilla:firefox:3.0.8
  • Mozilla Firefox 3.0.9
    cpe:2.3:a:mozilla:firefox:3.0.9
  • Mozilla Firefox 3.0.10
    cpe:2.3:a:mozilla:firefox:3.0.10
  • Mozilla Firefox 3.0.11
    cpe:2.3:a:mozilla:firefox:3.0.11
  • Mozilla Firefox 3.0.12
    cpe:2.3:a:mozilla:firefox:3.0.12
  • Mozilla Firefox 3.0.13
    cpe:2.3:a:mozilla:firefox:3.0.13
  • Mozilla Firefox 3.0.14
    cpe:2.3:a:mozilla:firefox:3.0.14
  • Mozilla Firefox 3.0.15
    cpe:2.3:a:mozilla:firefox:3.0.15
  • Mozilla Firefox 3.0.16
    cpe:2.3:a:mozilla:firefox:3.0.16
  • Mozilla Firefox 3.0.17
    cpe:2.3:a:mozilla:firefox:3.0.17
  • Mozilla Firefox 3.0.18
    cpe:2.3:a:mozilla:firefox:3.0.18
  • Mozilla Firefox 3.0.19
    cpe:2.3:a:mozilla:firefox:3.0.19
  • Mozilla Firefox 3.5
    cpe:2.3:a:mozilla:firefox:3.5
  • Mozilla Firefox 3.5.1
    cpe:2.3:a:mozilla:firefox:3.5.1
  • Mozilla Firefox 3.5.2
    cpe:2.3:a:mozilla:firefox:3.5.2
  • Mozilla Firefox 3.5.3
    cpe:2.3:a:mozilla:firefox:3.5.3
  • Mozilla Firefox 3.5.4
    cpe:2.3:a:mozilla:firefox:3.5.4
  • Mozilla Firefox 3.5.5
    cpe:2.3:a:mozilla:firefox:3.5.5
  • Mozilla Firefox 3.5.6
    cpe:2.3:a:mozilla:firefox:3.5.6
  • Mozilla Firefox 3.5.7
    cpe:2.3:a:mozilla:firefox:3.5.7
  • Mozilla Firefox 3.5.8
    cpe:2.3:a:mozilla:firefox:3.5.8
  • Mozilla Firefox 3.5.9
    cpe:2.3:a:mozilla:firefox:3.5.9
  • Mozilla Firefox 3.5.10
    cpe:2.3:a:mozilla:firefox:3.5.10
  • Mozilla Firefox 3.5.11
    cpe:2.3:a:mozilla:firefox:3.5.11
  • Mozilla Firefox 3.5.12
    cpe:2.3:a:mozilla:firefox:3.5.12
  • Mozilla Firefox 3.5.13
    cpe:2.3:a:mozilla:firefox:3.5.13
  • Mozilla Firefox 3.5.14
    cpe:2.3:a:mozilla:firefox:3.5.14
  • Mozilla Firefox 3.5.15
    cpe:2.3:a:mozilla:firefox:3.5.15
  • Mozilla Firefox 3.5.16
    cpe:2.3:a:mozilla:firefox:3.5.16
  • Mozilla Firefox 3.5.17
    cpe:2.3:a:mozilla:firefox:3.5.17
  • Mozilla Firefox 3.5.18
    cpe:2.3:a:mozilla:firefox:3.5.18
  • Mozilla Firefox 3.5.19
    cpe:2.3:a:mozilla:firefox:3.5.19
  • Mozilla Firefox 3.6
    cpe:2.3:a:mozilla:firefox:3.6
  • Mozilla Firefox 3.6.2
    cpe:2.3:a:mozilla:firefox:3.6.2
  • Mozilla Firefox 3.6.3
    cpe:2.3:a:mozilla:firefox:3.6.3
  • Mozilla Firefox 3.6.4
    cpe:2.3:a:mozilla:firefox:3.6.4
  • Mozilla Firefox 3.6.6
    cpe:2.3:a:mozilla:firefox:3.6.6
  • Mozilla Firefox 3.6.7
    cpe:2.3:a:mozilla:firefox:3.6.7
  • Mozilla Firefox 3.6.8
    cpe:2.3:a:mozilla:firefox:3.6.8
  • Mozilla Firefox 3.6.9
    cpe:2.3:a:mozilla:firefox:3.6.9
  • Mozilla Firefox 3.6.10
    cpe:2.3:a:mozilla:firefox:3.6.10
  • Mozilla Firefox 3.6.11
    cpe:2.3:a:mozilla:firefox:3.6.11
  • Mozilla Firefox 3.6.12
    cpe:2.3:a:mozilla:firefox:3.6.12
  • Mozilla Firefox 3.6.13
    cpe:2.3:a:mozilla:firefox:3.6.13
  • Mozilla Firefox 3.6.14
    cpe:2.3:a:mozilla:firefox:3.6.14
  • Mozilla Firefox 3.6.15
    cpe:2.3:a:mozilla:firefox:3.6.15
  • Mozilla Firefox 3.6.16
    cpe:2.3:a:mozilla:firefox:3.6.16
  • Mozilla Firefox 3.6.17
    cpe:2.3:a:mozilla:firefox:3.6.17
  • Mozilla Firefox 3.6.18
    cpe:2.3:a:mozilla:firefox:3.6.18
  • Mozilla Firefox 3.6.19
    cpe:2.3:a:mozilla:firefox:3.6.19
  • Mozilla Firefox 3.6.20
    cpe:2.3:a:mozilla:firefox:3.6.20
  • Mozilla Firefox 3.6.21
    cpe:2.3:a:mozilla:firefox:3.6.21
  • Mozilla Firefox 3.6.22
    cpe:2.3:a:mozilla:firefox:3.6.22
  • Mozilla Firefox 3.6.23
    cpe:2.3:a:mozilla:firefox:3.6.23
  • Mozilla Firefox 3.6.24
    cpe:2.3:a:mozilla:firefox:3.6.24
  • Mozilla Firefox 3.6.25
    cpe:2.3:a:mozilla:firefox:3.6.25
  • Mozilla Firefox 3.6.26
    cpe:2.3:a:mozilla:firefox:3.6.26
  • Mozilla Firefox 3.6.27
    cpe:2.3:a:mozilla:firefox:3.6.27
  • Mozilla Firefox 3.6.28
    cpe:2.3:a:mozilla:firefox:3.6.28
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Firefox 8.0.1
    cpe:2.3:a:mozilla:firefox:8.0.1
  • Mozilla Firefox 9.0
    cpe:2.3:a:mozilla:firefox:9.0
  • Mozilla Firefox 9.0.1
    cpe:2.3:a:mozilla:firefox:9.0.1
  • Mozilla Firefox 10.0
    cpe:2.3:a:mozilla:firefox:10.0
  • Mozilla Firefox 10.0.1
    cpe:2.3:a:mozilla:firefox:10.0.1
  • Mozilla Firefox 10.0.2
    cpe:2.3:a:mozilla:firefox:10.0.2
  • Mozilla Firefox 10.0.3
    cpe:2.3:a:mozilla:firefox:10.0.3
  • Mozilla Firefox 10.0.4
    cpe:2.3:a:mozilla:firefox:10.0.4
  • Mozilla Firefox 10.0.5
    cpe:2.3:a:mozilla:firefox:10.0.5
  • Mozilla Firefox 10.0.6
    cpe:2.3:a:mozilla:firefox:10.0.6
  • Mozilla Firefox 10.0.7
    cpe:2.3:a:mozilla:firefox:10.0.7
  • Mozilla Firefox 10.0.8
    cpe:2.3:a:mozilla:firefox:10.0.8
  • Mozilla Firefox 10.0.9
    cpe:2.3:a:mozilla:firefox:10.0.9
  • Mozilla Firefox 10.0.10
    cpe:2.3:a:mozilla:firefox:10.0.10
  • Mozilla Firefox 10.0.11
    cpe:2.3:a:mozilla:firefox:10.0.11
  • Mozilla Firefox 10.0.12
    cpe:2.3:a:mozilla:firefox:10.0.12
  • Mozilla Firefox 11.0
    cpe:2.3:a:mozilla:firefox:11.0
  • Mozilla Firefox 12.0
    cpe:2.3:a:mozilla:firefox:12.0
  • Mozilla Firefox 12.0 beta6
    cpe:2.3:a:mozilla:firefox:12.0:beta6
  • Mozilla Firefox 13.0
    cpe:2.3:a:mozilla:firefox:13.0
  • Mozilla Firefox 13.0.1
    cpe:2.3:a:mozilla:firefox:13.0.1
  • Mozilla Firefox 14.0
    cpe:2.3:a:mozilla:firefox:14.0
  • Mozilla Firefox 14.0.1
    cpe:2.3:a:mozilla:firefox:14.0.1
  • Mozilla Firefox 15.0
    cpe:2.3:a:mozilla:firefox:15.0
  • Mozilla Firefox 15.0.1
    cpe:2.3:a:mozilla:firefox:15.0.1
  • Mozilla Firefox 16.0
    cpe:2.3:a:mozilla:firefox:16.0
  • Mozilla Firefox 16.0.1
    cpe:2.3:a:mozilla:firefox:16.0.1
  • Mozilla Firefox 16.0.2
    cpe:2.3:a:mozilla:firefox:16.0.2
  • Mozilla Firefox 17.0
    cpe:2.3:a:mozilla:firefox:17.0
  • Mozilla Firefox 17.0.1
    cpe:2.3:a:mozilla:firefox:17.0.1
  • Mozilla Firefox 17.0.2
    cpe:2.3:a:mozilla:firefox:17.0.2
  • Mozilla Firefox 17.0.3
    cpe:2.3:a:mozilla:firefox:17.0.3
  • Mozilla Firefox 17.0.4
    cpe:2.3:a:mozilla:firefox:17.0.4
  • Mozilla Firefox 17.0.5
    cpe:2.3:a:mozilla:firefox:17.0.5
  • Mozilla Firefox 17.0.6
    cpe:2.3:a:mozilla:firefox:17.0.6
  • Mozilla Firefox 17.0.7
    cpe:2.3:a:mozilla:firefox:17.0.7
  • Mozilla Firefox 17.0.8
    cpe:2.3:a:mozilla:firefox:17.0.8
  • Mozilla Firefox 17.0.9
    cpe:2.3:a:mozilla:firefox:17.0.9
  • Mozilla Firefox 17.0.10
    cpe:2.3:a:mozilla:firefox:17.0.10
  • Mozilla Firefox 17.0.11
    cpe:2.3:a:mozilla:firefox:17.0.11
  • Mozilla Firefox 18.0
    cpe:2.3:a:mozilla:firefox:18.0
  • Mozilla Firefox 18.0.1
    cpe:2.3:a:mozilla:firefox:18.0.1
  • Mozilla Firefox 18.0.2
    cpe:2.3:a:mozilla:firefox:18.0.2
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox 19.0.2
    cpe:2.3:a:mozilla:firefox:19.0.2
  • Mozilla Firefox 20.0
    cpe:2.3:a:mozilla:firefox:20.0
  • Mozilla Firefox 20.0.1
    cpe:2.3:a:mozilla:firefox:20.0.1
  • Mozilla Firefox 21.0
    cpe:2.3:a:mozilla:firefox:21.0
  • Mozilla Firefox 22.0
    cpe:2.3:a:mozilla:firefox:22.0
  • Mozilla Firefox 23.0
    cpe:2.3:a:mozilla:firefox:23.0
  • Mozilla Firefox 23.0.1
    cpe:2.3:a:mozilla:firefox:23.0.1
  • Mozilla Firefox 24.0
    cpe:2.3:a:mozilla:firefox:24.0
  • Mozilla Firefox 24.1
    cpe:2.3:a:mozilla:firefox:24.1
  • Mozilla Firefox 24.1.0
    cpe:2.3:a:mozilla:firefox:24.1.0
  • Mozilla Firefox 24.1.1
    cpe:2.3:a:mozilla:firefox:24.1.1
  • Mozilla Firefox 24.2.0
    cpe:2.3:a:mozilla:firefox:24.2.0
  • Mozilla Firefox 24.3.0
    cpe:2.3:a:mozilla:firefox:24.3.0
  • Mozilla Firefox 24.4.0
    cpe:2.3:a:mozilla:firefox:24.4.0
  • Mozilla Firefox 24.5.0
    cpe:2.3:a:mozilla:firefox:24.5.0
  • Mozilla Firefox 24.6.0
    cpe:2.3:a:mozilla:firefox:24.6.0
  • Mozilla Firefox 24.7.0
    cpe:2.3:a:mozilla:firefox:24.7.0
  • Mozilla Firefox 24.8.0
    cpe:2.3:a:mozilla:firefox:24.8.0
  • Mozilla Firefox 24.8.1
    cpe:2.3:a:mozilla:firefox:24.8.1
  • Mozilla Firefox 25.0
    cpe:2.3:a:mozilla:firefox:25.0
  • Mozilla Firefox 25.0.1
    cpe:2.3:a:mozilla:firefox:25.0.1
  • Mozilla Firefox 26.0
    cpe:2.3:a:mozilla:firefox:26.0
  • Mozilla Firefox 27.0
    cpe:2.3:a:mozilla:firefox:27.0
  • Mozilla Firefox 27.0.1
    cpe:2.3:a:mozilla:firefox:27.0.1
  • Mozilla Firefox 28.0
    cpe:2.3:a:mozilla:firefox:28.0
  • Mozilla Firefox 29.0
    cpe:2.3:a:mozilla:firefox:29.0
  • Mozilla Firefox 29.0.1
    cpe:2.3:a:mozilla:firefox:29.0.1
  • Mozilla Firefox 30.0
    cpe:2.3:a:mozilla:firefox:30.0
  • Mozilla Firefox 31.0
    cpe:2.3:a:mozilla:firefox:31.0
  • Mozilla Firefox 31.1.0
    cpe:2.3:a:mozilla:firefox:31.1.0
  • Mozilla Firefox 31.1.1
    cpe:2.3:a:mozilla:firefox:31.1.1
  • Mozilla Firefox 31.2.0
    cpe:2.3:a:mozilla:firefox:31.2.0
  • Mozilla Firefox 31.3.0
    cpe:2.3:a:mozilla:firefox:31.3.0
  • Mozilla Firefox 31.4.0
    cpe:2.3:a:mozilla:firefox:31.4.0
  • Mozilla Firefox 31.5.0
    cpe:2.3:a:mozilla:firefox:31.5.0
  • Mozilla Firefox 31.5.2
    cpe:2.3:a:mozilla:firefox:31.5.2
  • Mozilla Firefox 31.5.3
    cpe:2.3:a:mozilla:firefox:31.5.3
  • Mozilla Firefox 31.6.0
    cpe:2.3:a:mozilla:firefox:31.6.0
  • Mozilla Firefox 31.7.0
    cpe:2.3:a:mozilla:firefox:31.7.0
  • Mozilla Firefox 31.8.0
    cpe:2.3:a:mozilla:firefox:31.8.0
  • Mozilla Firefox 32.0
    cpe:2.3:a:mozilla:firefox:32.0
  • Mozilla Firefox 32.0.1
    cpe:2.3:a:mozilla:firefox:32.0.1
  • Mozilla Firefox 32.0.2
    cpe:2.3:a:mozilla:firefox:32.0.2
  • Mozilla Firefox 32.0.3
    cpe:2.3:a:mozilla:firefox:32.0.3
  • Mozilla Firefox 33.0
    cpe:2.3:a:mozilla:firefox:33.0
  • Mozilla Firefox 33.0.1
    cpe:2.3:a:mozilla:firefox:33.0.1
  • Mozilla Firefox 33.0.2
    cpe:2.3:a:mozilla:firefox:33.0.2
  • Mozilla Firefox 33.0.3
    cpe:2.3:a:mozilla:firefox:33.0.3
  • Mozilla Firefox 33.1
    cpe:2.3:a:mozilla:firefox:33.1
  • Mozilla Firefox 33.1.1
    cpe:2.3:a:mozilla:firefox:33.1.1
  • Mozilla Firefox 34.0
    cpe:2.3:a:mozilla:firefox:34.0
  • Mozilla Firefox 34.0.5
    cpe:2.3:a:mozilla:firefox:34.0.5
  • Mozilla Firefox 35.0
    cpe:2.3:a:mozilla:firefox:35.0
  • Mozilla Firefox 35.0.1
    cpe:2.3:a:mozilla:firefox:35.0.1
  • Mozilla Firefox 36.0
    cpe:2.3:a:mozilla:firefox:36.0
  • Mozilla Firefox 36.0.1
    cpe:2.3:a:mozilla:firefox:36.0.1
  • Mozilla Firefox 36.0.3
    cpe:2.3:a:mozilla:firefox:36.0.3
  • Mozilla Firefox 36.0.4
    cpe:2.3:a:mozilla:firefox:36.0.4
  • Mozilla Firefox 37.0
    cpe:2.3:a:mozilla:firefox:37.0
  • Mozilla Firefox 37.0.1
    cpe:2.3:a:mozilla:firefox:37.0.1
  • Mozilla Firefox 37.0.2
    cpe:2.3:a:mozilla:firefox:37.0.2
  • Mozilla Firefox 38.0
    cpe:2.3:a:mozilla:firefox:38.0
  • Mozilla Firefox 38.0.1
    cpe:2.3:a:mozilla:firefox:38.0.1
  • Mozilla Firefox 38.0.5
    cpe:2.3:a:mozilla:firefox:38.0.5
  • Mozilla Firefox 38.1.0
    cpe:2.3:a:mozilla:firefox:38.1.0
  • Mozilla Firefox 38.1.1
    cpe:2.3:a:mozilla:firefox:38.1.1
  • Mozilla Firefox 38.2.0
    cpe:2.3:a:mozilla:firefox:38.2.0
  • Mozilla Firefox 38.2.1
    cpe:2.3:a:mozilla:firefox:38.2.1
  • Mozilla Firefox 38.3.0
    cpe:2.3:a:mozilla:firefox:38.3.0
  • Mozilla Firefox 38.4.0
    cpe:2.3:a:mozilla:firefox:38.4.0
  • Mozilla Firefox 38.5.0
    cpe:2.3:a:mozilla:firefox:38.5.0
  • Mozilla Firefox 38.5.1
    cpe:2.3:a:mozilla:firefox:38.5.1
  • Mozilla Firefox 38.5.2
    cpe:2.3:a:mozilla:firefox:38.5.2
  • Mozilla Firefox 38.6.0
    cpe:2.3:a:mozilla:firefox:38.6.0
  • Mozilla Firefox 38.6.1
    cpe:2.3:a:mozilla:firefox:38.6.1
  • Mozilla Firefox 38.7.0
    cpe:2.3:a:mozilla:firefox:38.7.0
  • Mozilla Firefox 38.7.1
    cpe:2.3:a:mozilla:firefox:38.7.1
  • Mozilla Firefox 38.8.0
    cpe:2.3:a:mozilla:firefox:38.8.0
  • Mozilla Firefox 39.0
    cpe:2.3:a:mozilla:firefox:39.0
  • Mozilla Firefox 39.0.3
    cpe:2.3:a:mozilla:firefox:39.0.3
  • Mozilla Firefox 40.0
    cpe:2.3:a:mozilla:firefox:40.0
  • Mozilla Firefox 40.0.2
    cpe:2.3:a:mozilla:firefox:40.0.2
  • Mozilla Firefox 40.0.3
    cpe:2.3:a:mozilla:firefox:40.0.3
  • Mozilla Firefox 41.0
    cpe:2.3:a:mozilla:firefox:41.0
  • Mozilla Firefox 41.0.1
    cpe:2.3:a:mozilla:firefox:41.0.1
  • Mozilla Firefox 41.0.2
    cpe:2.3:a:mozilla:firefox:41.0.2
  • Mozilla Firefox 42.0
    cpe:2.3:a:mozilla:firefox:42.0
  • Mozilla Firefox 42.0 (64 bit)
    cpe:2.3:a:mozilla:firefox:42.0:-:-:-:-:-:x64
  • Mozilla Firefox 43.0
    cpe:2.3:a:mozilla:firefox:43.0
  • Mozilla Firefox 43.0.1
    cpe:2.3:a:mozilla:firefox:43.0.1
  • Mozilla Firefox 43.0.2
    cpe:2.3:a:mozilla:firefox:43.0.2
  • Mozilla Firefox 43.0.3
    cpe:2.3:a:mozilla:firefox:43.0.3
  • Mozilla Firefox 43.0.4
    cpe:2.3:a:mozilla:firefox:43.0.4
  • Mozilla Firefox 44.0
    cpe:2.3:a:mozilla:firefox:44.0
  • Mozilla Firefox 44.0.1
    cpe:2.3:a:mozilla:firefox:44.0.1
  • Mozilla Firefox 44.0.2
    cpe:2.3:a:mozilla:firefox:44.0.2
  • Mozilla Firefox 45.0
    cpe:2.3:a:mozilla:firefox:45.0
  • Mozilla Firefox 45.0.1
    cpe:2.3:a:mozilla:firefox:45.0.1
  • Mozilla Firefox 45.0.2
    cpe:2.3:a:mozilla:firefox:45.0.2
  • Mozilla Firefox 45.1.1
    cpe:2.3:a:mozilla:firefox:45.1.1
  • Mozilla Firefox 45.2.0
    cpe:2.3:a:mozilla:firefox:45.2.0
  • Mozilla Firefox 45.3.0
    cpe:2.3:a:mozilla:firefox:45.3.0
  • Mozilla Firefox 45.4.0
    cpe:2.3:a:mozilla:firefox:45.4.0
  • Mozilla Firefox 45.5.0
    cpe:2.3:a:mozilla:firefox:45.5.0
  • Mozilla Firefox 45.5.1
    cpe:2.3:a:mozilla:firefox:45.5.1
  • Mozilla Firefox 45.6.0
    cpe:2.3:a:mozilla:firefox:45.6.0
  • Mozilla Firefox 45.7.0
    cpe:2.3:a:mozilla:firefox:45.7.0
  • Mozilla Firefox 45.8.0
    cpe:2.3:a:mozilla:firefox:45.8.0
  • Mozilla Firefox 45.9.0
    cpe:2.3:a:mozilla:firefox:45.9.0
  • Mozilla Firefox 46.0
    cpe:2.3:a:mozilla:firefox:46.0
  • Mozilla Firefox 46.0.1
    cpe:2.3:a:mozilla:firefox:46.0.1
  • Mozilla Firefox 47.0
    cpe:2.3:a:mozilla:firefox:47.0
  • Mozilla Firefox 47.0.1
    cpe:2.3:a:mozilla:firefox:47.0.1
  • Mozilla Firefox 47.0.2
    cpe:2.3:a:mozilla:firefox:47.0.2
  • Mozilla Firefox 48.0
    cpe:2.3:a:mozilla:firefox:48.0
  • Mozilla Firefox 48.0.1
    cpe:2.3:a:mozilla:firefox:48.0.1
  • Mozilla Firefox 48.0.2
    cpe:2.3:a:mozilla:firefox:48.0.2
  • Mozilla Firefox 49.0
    cpe:2.3:a:mozilla:firefox:49.0
  • Mozilla Firefox 49.0.1
    cpe:2.3:a:mozilla:firefox:49.0.1
  • Mozilla Firefox 49.0.2
    cpe:2.3:a:mozilla:firefox:49.0.2
  • Mozilla Firefox 50.0
    cpe:2.3:a:mozilla:firefox:50.0
  • Mozilla Firefox 50.0.1
    cpe:2.3:a:mozilla:firefox:50.0.1
  • Mozilla Firefox 50.0.2
    cpe:2.3:a:mozilla:firefox:50.0.2
  • Mozilla Firefox 51.0
    cpe:2.3:a:mozilla:firefox:51.0
  • Mozilla Firefox 51.0.1
    cpe:2.3:a:mozilla:firefox:51.0.1
  • Mozilla Firefox 52.0
    cpe:2.3:a:mozilla:firefox:52.0
  • Mozilla Firefox 52.0.1
    cpe:2.3:a:mozilla:firefox:52.0.1
  • Mozilla Firefox 52.0.2
    cpe:2.3:a:mozilla:firefox:52.0.2
  • Mozilla Firefox 52.1.0
    cpe:2.3:a:mozilla:firefox:52.1.0
  • Mozilla Firefox 52.1.1
    cpe:2.3:a:mozilla:firefox:52.1.1
  • Mozilla Firefox 52.1.2
    cpe:2.3:a:mozilla:firefox:52.1.2
  • Mozilla Firefox 52.2.0
    cpe:2.3:a:mozilla:firefox:52.2.0
  • Mozilla Firefox 52.2.1
    cpe:2.3:a:mozilla:firefox:52.2.1
  • Mozilla Firefox 52.3.0
    cpe:2.3:a:mozilla:firefox:52.3.0
  • Mozilla Firefox 52.4.0
    cpe:2.3:a:mozilla:firefox:52.4.0
  • Mozilla Firefox 52.4.1
    cpe:2.3:a:mozilla:firefox:52.4.1
  • Mozilla Firefox 52.5.0
    cpe:2.3:a:mozilla:firefox:52.5.0
  • Mozilla Firefox 52.5.2
    cpe:2.3:a:mozilla:firefox:52.5.2
  • Mozilla Firefox 52.5.3
    cpe:2.3:a:mozilla:firefox:52.5.3
  • Mozilla Firefox 52.6.0
    cpe:2.3:a:mozilla:firefox:52.6.0
  • Mozilla Firefox 52.7.0
    cpe:2.3:a:mozilla:firefox:52.7.0
  • Mozilla Firefox 52.7.1
    cpe:2.3:a:mozilla:firefox:52.7.1
  • Mozilla Firefox 52.7.2
    cpe:2.3:a:mozilla:firefox:52.7.2
  • Mozilla Firefox 52.7.3
    cpe:2.3:a:mozilla:firefox:52.7.3
  • Mozilla Firefox 52.7.4
    cpe:2.3:a:mozilla:firefox:52.7.4
  • Mozilla Firefox 52.8.0
    cpe:2.3:a:mozilla:firefox:52.8.0
  • Mozilla Firefox 52.8.1
    cpe:2.3:a:mozilla:firefox:52.8.1
  • Mozilla Firefox 52.9.0
    cpe:2.3:a:mozilla:firefox:52.9.0
  • Mozilla Firefox 53.0
    cpe:2.3:a:mozilla:firefox:53.0
  • Mozilla Firefox 53.0.2
    cpe:2.3:a:mozilla:firefox:53.0.2
  • Mozilla Firefox 53.0.3
    cpe:2.3:a:mozilla:firefox:53.0.3
  • Mozilla Firefox 54.0
    cpe:2.3:a:mozilla:firefox:54.0
  • Mozilla Firefox 54.0.1
    cpe:2.3:a:mozilla:firefox:54.0.1
  • Mozilla Firefox 55.0
    cpe:2.3:a:mozilla:firefox:55.0
  • Mozilla Firefox 55.0.1
    cpe:2.3:a:mozilla:firefox:55.0.1
  • Mozilla Firefox 55.0.2
    cpe:2.3:a:mozilla:firefox:55.0.2
  • Mozilla Firefox 55.0.3
    cpe:2.3:a:mozilla:firefox:55.0.3
  • Mozilla Firefox 56.0
    cpe:2.3:a:mozilla:firefox:56.0
  • Mozilla Firefox 56.0.1
    cpe:2.3:a:mozilla:firefox:56.0.1
  • Mozilla Firefox 56.0.2
    cpe:2.3:a:mozilla:firefox:56.0.2
  • Mozilla Firefox 57.0
    cpe:2.3:a:mozilla:firefox:57.0
  • Mozilla Firefox 57.0.1
    cpe:2.3:a:mozilla:firefox:57.0.1
  • Mozilla Firefox 57.0.2
    cpe:2.3:a:mozilla:firefox:57.0.2
  • Mozilla Firefox 57.0.3
    cpe:2.3:a:mozilla:firefox:57.0.3
  • Mozilla Firefox 57.0.4
    cpe:2.3:a:mozilla:firefox:57.0.4
  • Mozilla Firefox 58.0
    cpe:2.3:a:mozilla:firefox:58.0
  • Mozilla Firefox 58.0.1
    cpe:2.3:a:mozilla:firefox:58.0.1
  • Mozilla Firefox 58.0.2
    cpe:2.3:a:mozilla:firefox:58.0.2
  • Mozilla Firefox 59.0
    cpe:2.3:a:mozilla:firefox:59.0
  • Mozilla Firefox 59.0.1
    cpe:2.3:a:mozilla:firefox:59.0.1
  • Mozilla Firefox 59.0.2
    cpe:2.3:a:mozilla:firefox:59.0.2
  • Mozilla Firefox 59.0.3
    cpe:2.3:a:mozilla:firefox:59.0.3
  • Mozilla Firefox 60.0
    cpe:2.3:a:mozilla:firefox:60.0
  • Mozilla Firefox 60.0.1
    cpe:2.3:a:mozilla:firefox:60.0.1
  • Mozilla Firefox 60.0.2
    cpe:2.3:a:mozilla:firefox:60.0.2
  • Mozilla Firefox 60.1.0
    cpe:2.3:a:mozilla:firefox:60.1.0
  • Mozilla Firefox 60.2.0
    cpe:2.3:a:mozilla:firefox:60.2.0
  • Mozilla Firefox 60.2.1
    cpe:2.3:a:mozilla:firefox:60.2.1
  • Mozilla Firefox 60.2.2
    cpe:2.3:a:mozilla:firefox:60.2.2
  • Mozilla Firefox 60.3.0
    cpe:2.3:a:mozilla:firefox:60.3.0
  • Mozilla Firefox 60.4.0
    cpe:2.3:a:mozilla:firefox:60.4.0
  • Mozilla Firefox 60.5.0
    cpe:2.3:a:mozilla:firefox:60.5.0
  • Mozilla Firefox 61.0
    cpe:2.3:a:mozilla:firefox:61.0
  • Mozilla Firefox 61.0.1
    cpe:2.3:a:mozilla:firefox:61.0.1
  • Mozilla Firefox 61.0.2
    cpe:2.3:a:mozilla:firefox:61.0.2
  • Mozilla Firefox 62.0
    cpe:2.3:a:mozilla:firefox:62.0
  • Mozilla Firefox 62.0.2
    cpe:2.3:a:mozilla:firefox:62.0.2
  • Mozilla Firefox 62.0.3
    cpe:2.3:a:mozilla:firefox:62.0.3
  • Mozilla Firefox 63.0
    cpe:2.3:a:mozilla:firefox:63.0
  • Mozilla Firefox 63.0.1
    cpe:2.3:a:mozilla:firefox:63.0.1
  • Mozilla Firefox 63.0.3
    cpe:2.3:a:mozilla:firefox:63.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0
    cpe:2.3:a:mozilla:firefox_esr:10.0
  • Mozilla Firefox Extended Support Release (ESR) 10.1
    cpe:2.3:a:mozilla:firefox_esr:10.0.1
  • Mozilla Firefox Extended Support Release (ESR) 10.0.2
    cpe:2.3:a:mozilla:firefox_esr:10.0.2
  • Mozilla Firefox Extended Support Release (ESR) 10.0.3
    cpe:2.3:a:mozilla:firefox_esr:10.0.3
  • Mozilla Firefox Extended Support Release (ESR) 10.0.4
    cpe:2.3:a:mozilla:firefox_esr:10.0.4
  • Mozilla Firefox Extended Support Release (ESR) 10.0.5
    cpe:2.3:a:mozilla:firefox_esr:10.0.5
  • Mozilla Firefox Extended Support Release (ESR) 10.0.6
    cpe:2.3:a:mozilla:firefox_esr:10.0.6
  • Mozilla Firefox Extended Support Release (ESR) 10.0.7
    cpe:2.3:a:mozilla:firefox_esr:10.0.7
  • Mozilla Firefox Extended Support Release (ESR) 10.0.8
    cpe:2.3:a:mozilla:firefox_esr:10.0.8
  • Mozilla Firefox Extended Support Release (ESR) 10.0.9
    cpe:2.3:a:mozilla:firefox_esr:10.0.9
  • Mozilla Firefox Extended Support Release (ESR) 10.0.10
    cpe:2.3:a:mozilla:firefox_esr:10.0.10
  • Mozilla Firefox Extended Support Release (ESR) 10.0.11
    cpe:2.3:a:mozilla:firefox_esr:10.0.11
  • Mozilla Firefox Extended Support Release (ESR) 10.0.12
    cpe:2.3:a:mozilla:firefox_esr:10.0.12
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:firefox_esr:17.0.3
  • Mozilla Firefox Extended Support Release (ESR) 17.0.4
    cpe:2.3:a:mozilla:firefox_esr:17.0.4
  • Mozilla Firefox Extended Support Release (ESR) 17.0.5
    cpe:2.3:a:mozilla:firefox_esr:17.0.5
  • Mozilla Firefox Extended Support Release (ESR) 17.0.6
    cpe:2.3:a:mozilla:firefox_esr:17.0.6
  • Mozilla Firefox Extended Support Release (ESR) 17.0.7
    cpe:2.3:a:mozilla:firefox_esr:17.0.7
  • Mozilla Firefox Extended Support Release (ESR) 17.0.8
    cpe:2.3:a:mozilla:firefox_esr:17.0.8
  • Mozilla Firefox Extended Support Release (ESR) 17.0.9
    cpe:2.3:a:mozilla:firefox_esr:17.0.9
  • Mozilla Firefox Extended Support Release (ESR) 17.0.10
    cpe:2.3:a:mozilla:firefox_esr:17.0.10
  • Mozilla Firefox Extended Support Release (ESR) 17.0.11
    cpe:2.3:a:mozilla:firefox_esr:17.0.11
  • Mozilla Firefox Extended Support Release (ESR) 24.0
    cpe:2.3:a:mozilla:firefox_esr:24.0
  • Mozilla Firefox Extended Support Release (ESR) 24.0.1
    cpe:2.3:a:mozilla:firefox_esr:24.0.1
  • Mozilla Firefox Extended Support Release (ESR) 24.0.2
    cpe:2.3:a:mozilla:firefox_esr:24.0.2
  • Mozilla Firefox Extended Support Release (ESR) 24.1.0
    cpe:2.3:a:mozilla:firefox_esr:24.1.0
  • Mozilla Firefox Extended Support Release (ESR) 24.1.1
    cpe:2.3:a:mozilla:firefox_esr:24.1.1
  • Mozilla Firefox Extended Support Release (ESR) 24.2
    cpe:2.3:a:mozilla:firefox_esr:24.2
  • Mozilla Firefox Extended Support Release (ESR) 24.3
    cpe:2.3:a:mozilla:firefox_esr:24.3
  • Mozilla Firefox Extended Support Release (ESR) 24.4
    cpe:2.3:a:mozilla:firefox_esr:24.4
  • Mozilla Firefox Extended Support Release (ESR) 24.5
    cpe:2.3:a:mozilla:firefox_esr:24.5
  • Mozilla Firefox Extended Support Release (ESR) 24.6
    cpe:2.3:a:mozilla:firefox_esr:24.6
  • Mozilla Firefox Extended Support Release (ESR) 24.7
    cpe:2.3:a:mozilla:firefox_esr:24.7
  • Mozilla Firefox Extended Support Release (ESR) 24.8
    cpe:2.3:a:mozilla:firefox_esr:24.8
  • Mozilla Firefox Extended Support Release (ESR) 31.0
    cpe:2.3:a:mozilla:firefox_esr:31.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1
    cpe:2.3:a:mozilla:firefox_esr:31.1
  • Mozilla Firefox Extended Support Release (ESR) 31.1.0
    cpe:2.3:a:mozilla:firefox_esr:31.1.0
  • Mozilla Firefox Extended Support Release (ESR) 31.1.1
    cpe:2.3:a:mozilla:firefox_esr:31.1.1
  • Mozilla Firefox Extended Support Release (ESR) 31.2
    cpe:2.3:a:mozilla:firefox_esr:31.2
  • Mozilla Firefox Extended Support Release (ESR) 31.3
    cpe:2.3:a:mozilla:firefox_esr:31.3
  • Mozilla Firefox Extended Support Release (ESR) 31.3.0
    cpe:2.3:a:mozilla:firefox_esr:31.3.0
  • Mozilla Firefox Extended Support Release (ESR) 31.4
    cpe:2.3:a:mozilla:firefox_esr:31.4
  • Mozilla Firefox Extended Support Release (ESR) 31.5
    cpe:2.3:a:mozilla:firefox_esr:31.5
  • Mozilla Firefox Extended Support Release (ESR) 31.5.1
    cpe:2.3:a:mozilla:firefox_esr:31.5.1
  • Mozilla Firefox Extended Support Release (ESR) 31.5.2
    cpe:2.3:a:mozilla:firefox_esr:31.5.2
  • Mozilla Firefox Extended Support Release (ESR) 31.5.3
    cpe:2.3:a:mozilla:firefox_esr:31.5.3
  • Mozilla Firefox Extended Support Release (ESR) 31.6
    cpe:2.3:a:mozilla:firefox_esr:31.6
  • Mozilla Firefox Extended Support Release (ESR) 31.8
    cpe:2.3:a:mozilla:firefox_esr:31.8
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.0.5 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.0.5:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • Mozilla Firefox ESR 38.1.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.1.1
    cpe:2.3:a:mozilla:firefox_esr:38.1.1
  • Mozilla Firefox ESR 38.1.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.1.1:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.0
    cpe:2.3:a:mozilla:firefox_esr:38.2.0
  • Mozilla Firefox ESR 38.2.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.2.1
    cpe:2.3:a:mozilla:firefox_esr:38.2.1
  • Mozilla Firefox ESR 38.2.1 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.2.1:-:-:-:-:-:x64
  • Mozilla Firefox Extended Support Release (ESR) 38.3.0
    cpe:2.3:a:mozilla:firefox_esr:38.3.0
  • Mozilla Firefox ESR 38.3.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.3.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.4.0
    cpe:2.3:a:mozilla:firefox_esr:38.4.0
  • Mozilla Firefox ESR 38.4.0 (64 bit)
    cpe:2.3:a:mozilla:firefox_esr:38.4.0:-:-:-:-:-:x64
  • Mozilla Firefox ESR 38.5.0
    cpe:2.3:a:mozilla:firefox_esr:38.5.0
  • Mozilla Firefox ESR 38.5.1
    cpe:2.3:a:mozilla:firefox_esr:38.5.1
  • Mozilla Firefox ESR 38.5.2
    cpe:2.3:a:mozilla:firefox_esr:38.5.2
  • Mozilla Firefox Extended Support Release (ESR) 38.6.0
    cpe:2.3:a:mozilla:firefox_esr:38.6.0
  • Mozilla Firefox Extended Support Release (ESR) 38.6.1
    cpe:2.3:a:mozilla:firefox_esr:38.6.1
  • Mozilla Firefox Extended Support Release (ESR) 38.7.0
    cpe:2.3:a:mozilla:firefox_esr:38.7.0
  • Mozilla Firefox Extended Support Release (ESR) 38.7.1
    cpe:2.3:a:mozilla:firefox_esr:38.7.1
  • Mozilla Firefox ESR 38.8.0
    cpe:2.3:a:mozilla:firefox_esr:38.8.0
  • Mozilla Firefox Extended Support Release (ESR) 45.0.2
    cpe:2.3:a:mozilla:firefox_esr:45.0.2
  • Mozilla Firefox Extended Support Release (ESR) 45.1.0
    cpe:2.3:a:mozilla:firefox_esr:45.1.0
  • Mozilla Firefox Extended Support Release (ESR) 45.1.1
    cpe:2.3:a:mozilla:firefox_esr:45.1.1
  • Mozilla Firefox Extended Support Release (ESR) 45.2.0
    cpe:2.3:a:mozilla:firefox_esr:45.2.0
  • Mozilla Firefox Extended Support Release (ESR) 45.3.0
    cpe:2.3:a:mozilla:firefox_esr:45.3.0
  • Mozilla Firefox ESR 45.4.0
    cpe:2.3:a:mozilla:firefox_esr:45.4.0
  • Mozilla Firefox ESR 45.5.0
    cpe:2.3:a:mozilla:firefox_esr:45.5.0
  • Mozilla Thunderbird
    cpe:2.3:a:mozilla:thunderbird
  • Mozilla Thunderbird 0.1
    cpe:2.3:a:mozilla:thunderbird:0.1
  • Mozilla Thunderbird 0.2
    cpe:2.3:a:mozilla:thunderbird:0.2
  • Mozilla Thunderbird 0.3
    cpe:2.3:a:mozilla:thunderbird:0.3
  • Mozilla Thunderbird 0.4
    cpe:2.3:a:mozilla:thunderbird:0.4
  • Mozilla Thunderbird 0.5
    cpe:2.3:a:mozilla:thunderbird:0.5
  • Mozilla Thunderbird 0.6
    cpe:2.3:a:mozilla:thunderbird:0.6
  • Mozilla Thunderbird 0.7
    cpe:2.3:a:mozilla:thunderbird:0.7
  • Mozilla Thunderbird 0.7 Release Candidate
    cpe:2.3:a:mozilla:thunderbird:0.7:rc
  • Mozilla Thunderbird 0.7.1
    cpe:2.3:a:mozilla:thunderbird:0.7.1
  • Mozilla Thunderbird 0.7.2
    cpe:2.3:a:mozilla:thunderbird:0.7.2
  • Mozilla Thunderbird 0.7.3
    cpe:2.3:a:mozilla:thunderbird:0.7.3
  • Mozilla Thunderbird 0.8
    cpe:2.3:a:mozilla:thunderbird:0.8
  • Mozilla Thunderbird 0.9
    cpe:2.3:a:mozilla:thunderbird:0.9
  • Mozilla Thunderbird 1.0
    cpe:2.3:a:mozilla:thunderbird:1.0
  • Mozilla Thunderbird 1.0 Release Candidate
    cpe:2.3:a:mozilla:thunderbird:1.0:rc
  • Mozilla Thunderbird 1.0.2
    cpe:2.3:a:mozilla:thunderbird:1.0.2
  • Mozilla Thunderbird 1.0.5
    cpe:2.3:a:mozilla:thunderbird:1.0.5
  • Mozilla Thunderbird 1.0.6
    cpe:2.3:a:mozilla:thunderbird:1.0.6
  • Mozilla Thunderbird 1.0.7
    cpe:2.3:a:mozilla:thunderbird:1.0.7
  • Mozilla Thunderbird 1.0.8
    cpe:2.3:a:mozilla:thunderbird:1.0.8
  • Mozilla Thunderbird 1.1 Alpha 1
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha1
  • Mozilla Thunderbird 1.1 Alpha 2
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha2
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
  • Mozilla Thunderbird 1.5 Beta 1
    cpe:2.3:a:mozilla:thunderbird:1.5:beta1
  • Mozilla Thunderbird 1.5 Beta 2
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2
  • Mozilla Thunderbird 1.5 Release Candidate 1
    cpe:2.3:a:mozilla:thunderbird:1.5:rc1
  • Mozilla Thunderbird 1.5 Release Candidate 2
    cpe:2.3:a:mozilla:thunderbird:1.5:rc2
  • Mozilla Thunderbird 1.5.0.2
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2
  • Mozilla Thunderbird 1.5.0.4
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4
  • Mozilla Thunderbird 1.5.0.5
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5
  • Mozilla Thunderbird 1.5.0.7
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7
  • Mozilla Thunderbird 1.5.0.8
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8
  • Mozilla Thunderbird 1.5.0.9
    cpe:2.3:a:mozilla:thunderbird:1.5.0.9
  • Mozilla Thunderbird 1.5.0.10
    cpe:2.3:a:mozilla:thunderbird:1.5.0.10
  • Mozilla Thunderbird 1.5.0.12
    cpe:2.3:a:mozilla:thunderbird:1.5.0.12
  • Mozilla Thunderbird 1.5.0.13
    cpe:2.3:a:mozilla:thunderbird:1.5.0.13
  • Mozilla Thunderbird 1.5.0.14
    cpe:2.3:a:mozilla:thunderbird:1.5.0.14
  • Mozilla Thunderbird 2.0
    cpe:2.3:a:mozilla:thunderbird:2.0
  • Mozilla Thunderbird 2.0 Alpha 1
    cpe:2.3:a:mozilla:thunderbird:2.0:alpha1
  • Mozilla Thunderbird 2.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:2.0:beta1
  • Mozilla Thunderbird 2.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:2.0:beta2
  • Mozilla Thunderbird 2.0.0.0
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0
  • Mozilla Thunderbird 2.0.0.0 Release Candidate 1
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0:rc1
  • Mozilla Thunderbird 2.0.0.4
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4
  • Mozilla Thunderbird 2.0.0.5
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5
  • Mozilla Thunderbird 2.0.0.6
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6
  • Mozilla Thunderbird 2.0.0.9
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9
  • Mozilla Thunderbird 2.0.0.12
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14
  • Mozilla Thunderbird 2.0.0.16
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16
  • Mozilla Thunderbird 2.0.0.17
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17
  • Mozilla Thunderbird 2.0.0.18
    cpe:2.3:a:mozilla:thunderbird:2.0.0.18
  • Mozilla Thunderbird 2.0.0.19
    cpe:2.3:a:mozilla:thunderbird:2.0.0.19
  • Mozilla Thunderbird 2.0.0.21
    cpe:2.3:a:mozilla:thunderbird:2.0.0.21
  • Mozilla Thunderbird 2.0.0.22
    cpe:2.3:a:mozilla:thunderbird:2.0.0.22
  • Mozilla Thunderbird 2.0.0.23
    cpe:2.3:a:mozilla:thunderbird:2.0.0.23
  • Mozilla Thunderbird 2.0.0.24
    cpe:2.3:a:mozilla:thunderbird:2.0.0.24
  • Mozilla Thunderbird 2.0.0.14
    cpe:2.3:a:mozilla:thunderbird:2.0.14
  • Mozilla Thunderbird 3.0
    cpe:2.3:a:mozilla:thunderbird:3.0
  • Mozilla Thunderbird 3.0 Alpha 1
    cpe:2.3:a:mozilla:thunderbird:3.0:alpha1
  • Mozilla Thunderbird 3.0 Alpha 2
    cpe:2.3:a:mozilla:thunderbird:3.0:alpha2
  • Mozilla Thunderbird 3.0 Alpha 3
    cpe:2.3:a:mozilla:thunderbird:3.0:alpha3
  • Mozilla Thunderbird 3.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:3.0:beta1
  • Mozilla Thunderbird 3.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:3.0:beta2
  • Mozilla Thunderbird 3.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:3.0:beta3
  • Mozilla Thunderbird 3.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:3.0:beta4
  • Mozilla Thunderbird 3.0 Release Candidate 1
    cpe:2.3:a:mozilla:thunderbird:3.0:rc1
  • Mozilla Thunderbird 3.0 Release Candidate 2
    cpe:2.3:a:mozilla:thunderbird:3.0:rc2
  • Mozilla Thunderbird 3.0.1
    cpe:2.3:a:mozilla:thunderbird:3.0.1
  • Mozilla Thunderbird 3.0.2
    cpe:2.3:a:mozilla:thunderbird:3.0.2
  • Mozilla Thunderbird 3.0.3
    cpe:2.3:a:mozilla:thunderbird:3.0.3
  • Mozilla Thunderbird 3.0.4
    cpe:2.3:a:mozilla:thunderbird:3.0.4
  • Mozilla Thunderbird 3.0.5
    cpe:2.3:a:mozilla:thunderbird:3.0.5
  • Mozilla Thunderbird 3.0.6
    cpe:2.3:a:mozilla:thunderbird:3.0.6
  • Mozilla Thunderbird 3.0.7
    cpe:2.3:a:mozilla:thunderbird:3.0.7
  • Mozilla Thunderbird 3.0.8
    cpe:2.3:a:mozilla:thunderbird:3.0.8
  • Mozilla Thunderbird 3.0.9
    cpe:2.3:a:mozilla:thunderbird:3.0.9
  • Mozilla Thunderbird 3.0.10
    cpe:2.3:a:mozilla:thunderbird:3.0.10
  • Mozilla Thunderbird 3.0.11
    cpe:2.3:a:mozilla:thunderbird:3.0.11
  • Mozilla Thunderbird 3.1
    cpe:2.3:a:mozilla:thunderbird:3.1
  • Mozilla Thunderbird 3.1 Alpha 1
    cpe:2.3:a:mozilla:thunderbird:3.1:alpha1
  • Mozilla Thunderbird 3.1 Beta 1
    cpe:2.3:a:mozilla:thunderbird:3.1:beta1
  • Mozilla Thunderbird 3.1 Beta 2
    cpe:2.3:a:mozilla:thunderbird:3.1:beta2
  • Mozilla Thunderbird 3.1 Release Candidate 1
    cpe:2.3:a:mozilla:thunderbird:3.1:rc1
  • Mozilla Thunderbird 3.1 Release Candidate 2
    cpe:2.3:a:mozilla:thunderbird:3.1:rc2
  • Mozilla Thunderbird 3.1.1
    cpe:2.3:a:mozilla:thunderbird:3.1.1
  • Mozilla Thunderbird 3.1.2
    cpe:2.3:a:mozilla:thunderbird:3.1.2
  • Mozilla Thunderbird 3.1.3
    cpe:2.3:a:mozilla:thunderbird:3.1.3
  • Mozilla Thunderbird 3.1.4
    cpe:2.3:a:mozilla:thunderbird:3.1.4
  • Mozilla Thunderbird 3.1.5
    cpe:2.3:a:mozilla:thunderbird:3.1.5
  • Mozilla Thunderbird 3.1.6
    cpe:2.3:a:mozilla:thunderbird:3.1.6
  • Mozilla Thunderbird 3.1.7
    cpe:2.3:a:mozilla:thunderbird:3.1.7
  • Mozilla Thunderbird 3.1.8
    cpe:2.3:a:mozilla:thunderbird:3.1.8
  • Mozilla Thunderbird 3.1.9
    cpe:2.3:a:mozilla:thunderbird:3.1.9
  • Mozilla Thunderbird 3.1.10
    cpe:2.3:a:mozilla:thunderbird:3.1.10
  • Mozilla Thunderbird 3.1.11
    cpe:2.3:a:mozilla:thunderbird:3.1.11
  • Mozilla Thunderbird 3.1.12
    cpe:2.3:a:mozilla:thunderbird:3.1.12
  • Mozilla Thunderbird 3.1.13
    cpe:2.3:a:mozilla:thunderbird:3.1.13
  • Mozilla Thunderbird 3.1.14
    cpe:2.3:a:mozilla:thunderbird:3.1.14
  • Mozilla Thunderbird 3.1.15
    cpe:2.3:a:mozilla:thunderbird:3.1.15
  • Mozilla Thunderbird 3.1.16
    cpe:2.3:a:mozilla:thunderbird:3.1.16
  • Mozilla Thunderbird 3.1.17
    cpe:2.3:a:mozilla:thunderbird:3.1.17
  • Mozilla Thunderbird 3.1.18
    cpe:2.3:a:mozilla:thunderbird:3.1.18
  • Mozilla Thunderbird 3.1.19
    cpe:2.3:a:mozilla:thunderbird:3.1.19
  • Mozilla Thunderbird 3.1.20
    cpe:2.3:a:mozilla:thunderbird:3.1.20
  • Mozilla Thunderbird 3.3 Alpha 1
    cpe:2.3:a:mozilla:thunderbird:3.3:alpha1
  • Mozilla Thunderbird 3.3 Alpha 2
    cpe:2.3:a:mozilla:thunderbird:3.3:alpha2
  • Mozilla Thunderbird 3.3 Alpha 3
    cpe:2.3:a:mozilla:thunderbird:3.3:alpha3
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 5.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:5.0:beta1
  • Mozilla Thunderbird 5.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:5.0:beta2
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:6.0:beta1
  • Mozilla Thunderbird 6.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:6.0:beta2
  • Mozilla Thunderbird 6.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:6.0:beta3
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:7.0:beta1
  • Mozilla Thunderbird 7.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:7.0:beta2
  • Mozilla Thunderbird 7.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:7.0:beta3
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla Thunderbird 8.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:8.0:beta1
  • Mozilla Thunderbird 8.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:8.0:beta2
  • Mozilla Thunderbird 8.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:8.0:beta3
  • Mozilla Thunderbird 8.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:8.0:beta4
  • Mozilla Thunderbird 8.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:8.0:beta5
  • Mozilla Thunderbird 9.0
    cpe:2.3:a:mozilla:thunderbird:9.0
  • Mozilla Thunderbird 9.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:9.0:beta1
  • Mozilla Thunderbird 9.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:9.0:beta2
  • Mozilla Thunderbird 9.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:9.0:beta3
  • Mozilla Thunderbird 9.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:9.0:beta4
  • Mozilla Thunderbird 9.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:9.0:beta5
  • Mozilla Thunderbird 9.0.1
    cpe:2.3:a:mozilla:thunderbird:9.0.1
  • Mozilla Thunderbird 10.0
    cpe:2.3:a:mozilla:thunderbird:10.0
  • Mozilla Thunderbird 10.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:10.0:beta1
  • Mozilla Thunderbird 10.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:10.0:beta2
  • Mozilla Thunderbird 10.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:10.0:beta3
  • Mozilla Thunderbird 10.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:10.0:beta4
  • Mozilla Thunderbird 10.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:10.0:beta5
  • Mozilla Thunderbird 10.0.1
    cpe:2.3:a:mozilla:thunderbird:10.0.1
  • Mozilla Thunderbird 10.0.2
    cpe:2.3:a:mozilla:thunderbird:10.0.2
  • Mozilla Thunderbird 11.0
    cpe:2.3:a:mozilla:thunderbird:11.0
  • Mozilla Thunderbird 11.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:11.0:beta1
  • Mozilla Thunderbird 11.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:11.0:beta2
  • Mozilla Thunderbird 11.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:11.0:beta3
  • Mozilla Thunderbird 11.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:11.0:beta4
  • Mozilla Thunderbird 11.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:11.0:beta5
  • Mozilla Thunderbird 11.0.1
    cpe:2.3:a:mozilla:thunderbird:11.0.1
  • Mozilla Thunderbird 12.0
    cpe:2.3:a:mozilla:thunderbird:12.0
  • Mozilla Thunderbird 12.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:12.0:beta1
  • Mozilla Thunderbird 12.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:12.0:beta2
  • Mozilla Thunderbird 12.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:12.0:beta3
  • Mozilla Thunderbird 12.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:12.0:beta4
  • Mozilla Thunderbird 12.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:12.0:beta5
  • Mozilla Thunderbird 12.0.1
    cpe:2.3:a:mozilla:thunderbird:12.0.1
  • Mozilla Thunderbird 13.0
    cpe:2.3:a:mozilla:thunderbird:13.0
  • Mozilla Thunderbird 13.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:13.0:beta1
  • Mozilla Thunderbird 13.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:13.0:beta2
  • Mozilla Thunderbird 13.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:13.0:beta3
  • Mozilla Thunderbird 13.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:13.0:beta4
  • Mozilla Thunderbird 13.0.1
    cpe:2.3:a:mozilla:thunderbird:13.0.1
  • Mozilla Thunderbird 14.0
    cpe:2.3:a:mozilla:thunderbird:14.0
  • Mozilla Thunderbird 14.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:14.0:beta1
  • Mozilla Thunderbird 14.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:14.0:beta2
  • Mozilla Thunderbird 14.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:14.0:beta3
  • Mozilla Thunderbird 14.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:14.0:beta4
  • Mozilla Thunderbird 14.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:14.0:beta5
  • Mozilla Thunderbird 15.0
    cpe:2.3:a:mozilla:thunderbird:15.0
  • Mozilla Thunderbird 15.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:15.0:beta1
  • Mozilla Thunderbird 15.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:15.0:beta2
  • Mozilla Thunderbird 15.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:15.0:beta3
  • Mozilla Thunderbird 15.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:15.0:beta4
  • Mozilla Thunderbird 15.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:15.0:beta5
  • Mozilla Thunderbird 15.0.1
    cpe:2.3:a:mozilla:thunderbird:15.0.1
  • Mozilla Thunderbird 16.0
    cpe:2.3:a:mozilla:thunderbird:16.0
  • Mozilla Thunderbird 16.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:16.0:beta1
  • Mozilla Thunderbird 16.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:16.0:beta2
  • Mozilla Thunderbird 16.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:16.0:beta3
  • Mozilla Thunderbird 16.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:16.0:beta4
  • Mozilla Thunderbird 16.0.1
    cpe:2.3:a:mozilla:thunderbird:16.0.1
  • Mozilla Thunderbird 16.0.2
    cpe:2.3:a:mozilla:thunderbird:16.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:17.0:beta1
  • Mozilla Thunderbird 17.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:17.0:beta2
  • Mozilla Thunderbird 17.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:17.0:beta3
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.4
    cpe:2.3:a:mozilla:thunderbird:17.0.4
  • Mozilla Thunderbird 17.0.5
    cpe:2.3:a:mozilla:thunderbird:17.0.5
  • Mozilla Thunderbird 17.0.6
    cpe:2.3:a:mozilla:thunderbird:17.0.6
  • Mozilla Thunderbird 17.0.7
    cpe:2.3:a:mozilla:thunderbird:17.0.7
  • Mozilla Thunderbird 17.0.8
    cpe:2.3:a:mozilla:thunderbird:17.0.8
  • Mozilla Thunderbird 17.0.9
    cpe:2.3:a:mozilla:thunderbird:17.0.9
  • Mozilla Thunderbird 17.0.10
    cpe:2.3:a:mozilla:thunderbird:17.0.10
  • Mozilla Thunderbird 18.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:18.0:beta1
  • Mozilla Thunderbird 19.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:19.0:beta1
  • Mozilla Thunderbird 20.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:20.0:beta1
  • Mozilla Thunderbird 21.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:21.0:beta1
  • Mozilla Thunderbird 22.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:22.0:beta1
  • Mozilla Thunderbird 23.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:23.0:beta1
  • Mozilla Thunderbird 24.0
    cpe:2.3:a:mozilla:thunderbird:24.0
  • Mozilla Thunderbird 24.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:24.0:beta1
  • Mozilla Thunderbird 24.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:24.0:beta2
  • Mozilla Thunderbird 24.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:24.0:beta3
  • Mozilla Thunderbird 24.0.1
    cpe:2.3:a:mozilla:thunderbird:24.0.1
  • Mozilla Thunderbird 24.1.0
    cpe:2.3:a:mozilla:thunderbird:24.1.0
  • Mozilla Thunderbird 24.1.1
    cpe:2.3:a:mozilla:thunderbird:24.1.1
  • Mozilla Thunderbird 24.2.0
    cpe:2.3:a:mozilla:thunderbird:24.2.0
  • Mozilla Thunderbird 24.3.0
    cpe:2.3:a:mozilla:thunderbird:24.3.0
  • Mozilla Thunderbird 24.4.0
    cpe:2.3:a:mozilla:thunderbird:24.4.0
  • Mozilla Thunderbird 24.5.0
    cpe:2.3:a:mozilla:thunderbird:24.5.0
  • Mozilla Thunderbird 24.6.0
    cpe:2.3:a:mozilla:thunderbird:24.6.0
  • Mozilla Thunderbird 24.7.0
    cpe:2.3:a:mozilla:thunderbird:24.7.0
  • Mozilla Thunderbird 24.8.0
    cpe:2.3:a:mozilla:thunderbird:24.8.0
  • Mozilla Thunderbird 24.8.1
    cpe:2.3:a:mozilla:thunderbird:24.8.1
  • Mozilla Thunderbird 25.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:25.0:beta1
  • Mozilla Thunderbird 26.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:26.0:beta1
  • Mozilla Thunderbird 27.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:27.0:beta1
  • Mozilla Thunderbird 28.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:28.0:beta1
  • Mozilla Thunderbird 29.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:29.0:beta1
  • Mozilla Thunderbird 30.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:30.0:beta1
  • Mozilla Thunderbird 31.0
    cpe:2.3:a:mozilla:thunderbird:31.0
  • Mozilla Thunderbird 31.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:31.0:beta1
  • Mozilla Thunderbird 31.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:31.0:beta2
  • Mozilla Thunderbird 31.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:31.0:beta3
  • Mozilla Thunderbird 31.1.0
    cpe:2.3:a:mozilla:thunderbird:31.1.0
  • Mozilla Thunderbird 31.1.1
    cpe:2.3:a:mozilla:thunderbird:31.1.1
  • Mozilla Thunderbird 31.1.2
    cpe:2.3:a:mozilla:thunderbird:31.1.2
  • Mozilla Thunderbird 31.2.0
    cpe:2.3:a:mozilla:thunderbird:31.2.0
  • Mozilla Thunderbird 31.3.0
    cpe:2.3:a:mozilla:thunderbird:31.3.0
  • Mozilla Thunderbird 31.4.0
    cpe:2.3:a:mozilla:thunderbird:31.4.0
  • Mozilla Thunderbird 31.5.0
    cpe:2.3:a:mozilla:thunderbird:31.5.0
  • Mozilla Thunderbird 31.6.0
    cpe:2.3:a:mozilla:thunderbird:31.6.0
  • Mozilla Thunderbird 31.7.0
    cpe:2.3:a:mozilla:thunderbird:31.7.0
  • Mozilla Thunderbird 31.8.0
    cpe:2.3:a:mozilla:thunderbird:31.8.0
  • Mozilla Thunderbird 32.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:32.0:beta1
  • Mozilla Thunderbird 33.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:33.0:beta1
  • Mozilla Thunderbird 34.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:34.0:beta1
  • Mozilla Thunderbird 36.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:36.0:beta1
  • Mozilla Thunderbird 37.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:37.0:beta1
  • Mozilla Thunderbird 38.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:38.0:beta1
  • Mozilla Thunderbird 38.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:38.0:beta2
  • Mozilla Thunderbird 38.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:38.0:beta3
  • Mozilla Thunderbird 38.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:38.0:beta4
  • Mozilla Thunderbird 38.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:38.0:beta5
  • Mozilla Thunderbird 38.0 Beta 6
    cpe:2.3:a:mozilla:thunderbird:38.0:beta6
  • Mozilla Thunderbird 38.0.1
    cpe:2.3:a:mozilla:thunderbird:38.0.1
  • Mozilla Thunderbird 38.1.0
    cpe:2.3:a:mozilla:thunderbird:38.1.0
  • Mozilla Thunderbird 38.2.0
    cpe:2.3:a:mozilla:thunderbird:38.2.0
  • Mozilla Thunderbird 38.3.0
    cpe:2.3:a:mozilla:thunderbird:38.3.0
  • Mozilla Thunderbird 38.4.0
    cpe:2.3:a:mozilla:thunderbird:38.4.0
  • Mozilla Thunderbird 38.5.0
    cpe:2.3:a:mozilla:thunderbird:38.5.0
  • Mozilla Thunderbird 38.5.1
    cpe:2.3:a:mozilla:thunderbird:38.5.1
  • Mozilla Thunderbird 38.6.0
    cpe:2.3:a:mozilla:thunderbird:38.6.0
  • Mozilla Thunderbird 38.7.0
    cpe:2.3:a:mozilla:thunderbird:38.7.0
  • Mozilla Thunderbird 38.7.1
    cpe:2.3:a:mozilla:thunderbird:38.7.1
  • Mozilla Thunderbird 38.7.2
    cpe:2.3:a:mozilla:thunderbird:38.7.2
  • Mozilla Thunderbird 38.8.0
    cpe:2.3:a:mozilla:thunderbird:38.8.0
  • Mozilla Thunderbird 40.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:40.0:beta1
  • Mozilla Thunderbird 41.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:41.0:beta1
  • Mozilla Thunderbird 41.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:41.0:beta2
  • Mozilla Thunderbird 42.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:42.0:beta1
  • Mozilla Thunderbird 42.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:42.0:beta2
  • Mozilla Thunderbird 43.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:43.0:beta1
  • Mozilla Thunderbird 44.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:44.0:beta1
  • Mozilla Thunderbird 45.0
    cpe:2.3:a:mozilla:thunderbird:45.0
  • Mozilla Thunderbird 45.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:45.0:beta1
  • Mozilla Thunderbird 45.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:45.0:beta2
  • Mozilla Thunderbird 45.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:45.0:beta3
  • Mozilla Thunderbird 45.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:45.0:beta4
  • Mozilla Thunderbird 45.1 Beta 1
    cpe:2.3:a:mozilla:thunderbird:45.1:beta1
  • Mozilla Thunderbird 45.1.0
    cpe:2.3:a:mozilla:thunderbird:45.1.0
  • Mozilla Thunderbird 45.1.1
    cpe:2.3:a:mozilla:thunderbird:45.1.1
  • Mozilla Thunderbird 45.2 Beta 1
    cpe:2.3:a:mozilla:thunderbird:45.2:beta1
  • Mozilla Thunderbird 45.2.0
    cpe:2.3:a:mozilla:thunderbird:45.2.0
  • Mozilla Thunderbird 45.3.0
    cpe:2.3:a:mozilla:thunderbird:45.3.0
  • Mozilla Thunderbird 45.4.0
    cpe:2.3:a:mozilla:thunderbird:45.4.0
  • Mozilla Thunderbird 45.5.0
    cpe:2.3:a:mozilla:thunderbird:45.5.0
  • Mozilla Thunderbird 45.5.1
    cpe:2.3:a:mozilla:thunderbird:45.5.1
  • Mozilla Thunderbird 45.6.0
    cpe:2.3:a:mozilla:thunderbird:45.6.0
  • Mozilla Thunderbird 45.7.0
    cpe:2.3:a:mozilla:thunderbird:45.7.0
  • Mozilla Thunderbird 45.7.1
    cpe:2.3:a:mozilla:thunderbird:45.7.1
  • Mozilla Thunderbird 45.8.0
    cpe:2.3:a:mozilla:thunderbird:45.8.0
  • Mozilla Thunderbird 47.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:47.0:beta1
  • Mozilla Thunderbird 47.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:47.0:beta2
  • Mozilla Thunderbird 49.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:49.0:beta1
  • Mozilla Thunderbird 50.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:50.0:beta1
  • Mozilla Thunderbird 50.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:50.0:beta2
  • Mozilla Thunderbird 50.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:50.0:beta3
  • Mozilla Thunderbird 51.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:51.0:beta1
  • Mozilla Thunderbird 51.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:51.0:beta2
  • Mozilla Thunderbird 52.0
    cpe:2.3:a:mozilla:thunderbird:52.0
  • Mozilla Thunderbird 52.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:52.0:beta1
  • Mozilla Thunderbird 52.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:52.0:beta2
  • Mozilla Thunderbird 52.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:52.0:beta3
  • Mozilla Thunderbird 52.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:52.0:beta4
  • Mozilla Thunderbird 52.0.1
    cpe:2.3:a:mozilla:thunderbird:52.0.1
  • Mozilla Thunderbird 52.1.0
    cpe:2.3:a:mozilla:thunderbird:52.1.0
  • Mozilla Thunderbird 52.1.1
    cpe:2.3:a:mozilla:thunderbird:52.1.1
  • Mozilla Thunderbird 52.2.0
    cpe:2.3:a:mozilla:thunderbird:52.2.0
  • Mozilla Thunderbird 52.2.1
    cpe:2.3:a:mozilla:thunderbird:52.2.1
  • Mozilla Thunderbird 52.3.0
    cpe:2.3:a:mozilla:thunderbird:52.3.0
  • Mozilla Thunderbird 52.4.0
    cpe:2.3:a:mozilla:thunderbird:52.4.0
  • Mozilla Thunderbird 52.5.0
    cpe:2.3:a:mozilla:thunderbird:52.5.0
  • Mozilla Thunderbird 52.5.2
    cpe:2.3:a:mozilla:thunderbird:52.5.2
  • Mozilla Thunderbird 52.6.0
    cpe:2.3:a:mozilla:thunderbird:52.6.0
  • Mozilla Thunderbird 52.7.0
    cpe:2.3:a:mozilla:thunderbird:52.7.0
  • Mozilla Thunderbird 52.8.0
    cpe:2.3:a:mozilla:thunderbird:52.8.0
  • Mozilla Thunderbird 52.9.0
    cpe:2.3:a:mozilla:thunderbird:52.9.0
  • Mozilla Thunderbird 52.9.1
    cpe:2.3:a:mozilla:thunderbird:52.9.1
  • Mozilla Thunderbird 53.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:53.0:beta1
  • Mozilla Thunderbird 53.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:53.0:beta2
  • Mozilla Thunderbird 54.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:54.0:beta1
  • Mozilla Thunderbird 54.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:54.0:beta2
  • Mozilla Thunderbird 54.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:54.0:beta3
  • Mozilla Thunderbird 55.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:55.0:beta2
  • Mozilla Thunderbird 56.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:56.0:beta1
  • Mozilla Thunderbird 56.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:56.0:beta2
  • Mozilla Thunderbird 56.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:56.0:beta3
  • Mozilla Thunderbird 56.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:56.0:beta4
  • Mozilla Thunderbird 57.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:57.0:beta1
  • Mozilla Thunderbird 57.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:57.0:beta2
  • Mozilla Thunderbird 58.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:58.0:beta1
  • Mozilla Thunderbird 58.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:58.0:beta2
  • Mozilla Thunderbird 58.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:58.0:beta3
  • Mozilla Thunderbird 59.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:59.0:beta1
  • Mozilla Thunderbird 59.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:59.0:beta2
  • Mozilla Thunderbird 60.0
    cpe:2.3:a:mozilla:thunderbird:60.0
  • Mozilla Thunderbird 60.0 Beta 1
    cpe:2.3:a:mozilla:thunderbird:60.0:beta1
  • Mozilla Thunderbird 60.0 Beta 10
    cpe:2.3:a:mozilla:thunderbird:60.0:beta10
  • Mozilla Thunderbird 60.0 Beta 11
    cpe:2.3:a:mozilla:thunderbird:60.0:beta11
  • Mozilla Thunderbird 60.0 Beta 2
    cpe:2.3:a:mozilla:thunderbird:60.0:beta2
  • Mozilla Thunderbird 60.0 Beta 3
    cpe:2.3:a:mozilla:thunderbird:60.0:beta3
  • Mozilla Thunderbird 60.0 Beta 4
    cpe:2.3:a:mozilla:thunderbird:60.0:beta4
  • Mozilla Thunderbird 60.0 Beta 5
    cpe:2.3:a:mozilla:thunderbird:60.0:beta5
  • Mozilla Thunderbird 60.0 Beta 6
    cpe:2.3:a:mozilla:thunderbird:60.0:beta6
  • Mozilla Thunderbird 60.0 Beta 7
    cpe:2.3:a:mozilla:thunderbird:60.0:beta7
  • Mozilla Thunderbird 60.0 Beta 8
    cpe:2.3:a:mozilla:thunderbird:60.0:beta8
  • Mozilla Thunderbird 60.0 Beta 9
    cpe:2.3:a:mozilla:thunderbird:60.0:beta9
  • Mozilla Thunderbird 60.2.1
    cpe:2.3:a:mozilla:thunderbird:60.2.1
  • Mozilla Thunderbird 60.3.0
    cpe:2.3:a:mozilla:thunderbird:60.3.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-346
CAPEC
  • JSON Hijacking (aka JavaScript Hijacking)
    An attacker targets a system that uses JavaScript Object Notation (JSON) as a transport mechanism between the client and the server (common in Web 2.0 systems using AJAX) to steal possibly confidential information transmitted from the server back to the client inside the JSON object by taking advantage of the loophole in the browser's Same Origin Policy that does not prohibit JavaScript from one website to be included and executed in the context of another website. An attacker gets the victim to visit his or her malicious page that contains a script tag whose source points to the vulnerable system with a URL that requests a response from the server containing a JSON object with possibly confidential information. The malicious page also contains malicious code to capture the JSON object returned by the server before any other processing on it can take place, typically by overriding the JavaScript function used to create new objects. This hook allows the malicious code to get access to the creation of each object and transmit the possibly sensitive contents of the captured JSON object to the attackers' server. There is nothing in the browser's security model to prevent the attackers' malicious JavaScript code (originating from attacker's domain) to set up an environment (as described above) to intercept a JSON object response (coming from the vulnerable target system's domain), read its contents and transmit to the attackers' controlled site. The same origin policy protects the domain object model (DOM), but not the JSON.
  • Cache Poisoning
    An attacker exploits the functionality of cache technologies to cause specific data to be cached that aids the attackers' objectives. This describes any attack whereby an attacker places incorrect or harmful material in cache. The targeted cache can be an application's cache (e.g. a web browser cache) or a public cache (e.g. a DNS or ARP cache). Until the cache is refreshed, most applications or clients will treat the corrupted cache value as valid. This can lead to a wide range of exploits including redirecting web browsers towards sites that install malware and repeatedly incorrect calculations based on the incorrect value.
  • DNS Cache Poisoning
    A domain name server translates a domain name (such as www.example.com) into an IP address that Internet hosts use to contact Internet resources. An attacker modifies a public DNS cache to cause certain names to resolve to incorrect addresses that the attacker specifies. The result is that client applications that rely upon the targeted cache for domain name resolution will be directed not to the actual address of the specified domain name but to some other address. Attackers can use this to herd clients to sites that install malware on the victim's computer or to masquerade as part of a Pharming attack.
  • Exploitation of Session Variables, Resource IDs and other Trusted Credentials
    Attacks on session IDs and resource IDs take advantage of the fact that some software accepts user input without verifying its authenticity. For example, a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or indeed the process that wrote the message to the queue are authentic and authorized to do so. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes "trust" other systems because they are behind a firewall. In a similar way servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Session IDs may be guessed due to insufficient randomness, poor protection (passed in the clear), lack of integrity (unsigned), or improperly correlation with access control policy enforcement points. Exposed configuration and properties files that contain system passwords, database connection strings, and such may also give an attacker an edge to identify these identifiers. The net result is that spoofing and impersonation is possible leading to an attacker's ability to break authentication, authorization, and audit controls on the system.
  • Application API Message Manipulation via Man-in-the-Middle
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system. Despite the use of MITM software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not true "Man-in-the-Middle" attack at the network layer, but an application-layer attack the root cause of which is the master applications trust in the integrity of code supplied by the client.
  • Transaction or Event Tampering via Application API Manipulation
    An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item or another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attack to scam the victim by trapping the data packets involved the exchange and altering the integrity of the transfer process.
  • Application API Navigation Remapping
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of links/buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains links/buttons that point to an attacker controlled destination. Some applications make navigation remapping more difficult to detect because the actual HREF values of images, profile elements, and links/buttons are masked. One example would be to place an image in a user's photo gallery that when clicked upon redirected the user to an off-site location. Also, traditional web vulnerabilities (such as CSRF) can be constructed with remapped buttons or links. In some cases navigation remapping can be used for Phishing attacks or even means to artificially boost the page view, user site reputation, or click-fraud.
  • Navigation Remapping To Propagate Malicious Content
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages and thereby circumvent the expected application logic. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers' intent. When the goal is to spread malware, deceptive content is created such as modified links, buttons, or images, that entice users to click on those items, all of which point to a malicious URI. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the destination of various application interface elements.
  • Application API Button Hijacking
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the destination and/or content of buttons displayed to a user within API messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that looks authentic but contains buttons that point to an attacker controlled destination. For example, an in-game event occurs and the attacker traps the result, which turns out to be a form that will be populated to their primary profile. The attacker, using a MITM proxy, observes the following data: By altering the destination of "Claim_Link" to point to the attackers' server an unwitting victim can be enticed to click the link. Another example would be for the attacker to rewrite the button destinations for an event so that clicking "Yes" or "No" causes the user to load the attackers' code.
  • Content Spoofing Via Application API Manipulation
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, spam-like content, or links to the attackers' code. In general, content-spoofing within an application API can be employed to stage many different types of attacks varied based on the attackers' intent. The techniques require use of specialized software that allow the attacker to man-in-the-middle communications between the web browser and the remote system.
  • SaaS User Request Forgery
    An adversary, through a previously installed malicious application, performs malicious actions against a third-party Software as a Service (SaaS) application (also known as a cloud based application) by leveraging the persistent and implicit trust placed on a trusted user's session. This attack is executed after a trusted user is authenticated into a cloud service, "piggy-backing" on the authenticated session, and exploiting the fact that the cloud service believes it is only interacting with the trusted user. If successful, the actions embedded in the malicious application will be processed and accepted by the targeted SaaS application and executed at the trusted user's privilege level.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Manipulating Writeable Configuration Files
    Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
  • Pharming
    A pharming attack occurs when the victim is fooled into entering sensitive data into supposedly trusted locations, such as an online bank site or a trading platform. An attacker can impersonate these supposedly trusted sites and have the victim be directed to his site rather than the originally intended one. Pharming does not require script injection or clicking on malicious links for the attack to succeed.
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_64_0.NASL
    description The version of Mozilla Firefox installed on the remote Windows host is is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. (CVE-2018-12407) - A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. (CVE-2018-17466) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same- origin policy violation and could allow for data theft. (CVE-2018-18494) - WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. (CVE-2018-18495) - When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.* (CVE-2018-18496) - Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations. (CVE-2018-18497) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can lead to an out-of-bounds write. (CVE-2018-18498) - The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. (CVE-2018-18510) - Mozilla developers and community members Alex Gaynor, Andr Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12406) - Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12405) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 119604
    published 2018-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119604
    title Mozilla Firefox < 64.0 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3868-1.NASL
    description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121381
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121381
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : thunderbird vulnerabilities (USN-3868-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_FIREFOX_64_0.NASL
    description The version of Firefox installed on the remote macOS or Mac OS X host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-29 advisory. - A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. (CVE-2018-12407) - A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. (CVE-2018-17466) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same- origin policy violation and could allow for data theft. (CVE-2018-18494) - WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. (CVE-2018-18495) - When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.* (CVE-2018-18496) - Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations. (CVE-2018-18497) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This can lead to an out-of-bounds write. (CVE-2018-18498) - The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. (CVE-2018-18510) - Mozilla developers and community members Alex Gaynor, Andr Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12406) - Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12405) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 122192
    published 2019-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122192
    title Mozilla Firefox < 64.0
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_64_0.NASL
    description The version of Mozilla Firefox installed on the remote macOS host is prior to 64.0. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2018/12/11. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-31
    plugin id 119603
    published 2018-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119603
    title Mozilla Firefox < 64.0 Multiple Vulnerabilities (macOS)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3844-1.NASL
    description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. (CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. (CVE-2018-18495, CVE-2018-18497). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119654
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119654
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : firefox vulnerabilities (USN-3844-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D10B49B28D0249E8AFDE0844626317AF.NASL
    description Mozilla Foundation reports : CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Use-after-free with select element CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18495: WebExtension content scripts can be loaded in about: pages CVE-2018-18496: Embedded feed preview page can be abused for clickjacking CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators CVE-2018-18498: Integer overflow when calculating buffer sizes for images CVE-2018-12406: Memory safety bugs fixed in Firefox 64 CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119636
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119636
    title FreeBSD : mozilla -- multiple vulnerabilities (d10b49b2-8d02-49e8-afde-0844626317af)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3833.NASL
    description From Red Hat Security Advisory 2018:3833 : An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119756
    published 2018-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119756
    title Oracle Linux 7 : firefox (ELSA-2018-3833)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2019-0160.NASL
    description From Red Hat Security Advisory 2019:0160 : An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121378
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121378
    title Oracle Linux 7 : thunderbird (ELSA-2019-0160)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4236-1.NASL
    description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 119871
    published 2018-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119871
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181217_FIREFOX_ON_SL7_X.NASL
    description This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) - Mozilla: Memory corruption in Angle (CVE-2018-17466) - Mozilla: Use-after-free with select element (CVE-2018-18492) - Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) - Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) - Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119882
    published 2018-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119882
    title Scientific Linux Security Update : firefox on SL7.x x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2019-0159.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121545
    published 2019-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121545
    title CentOS 6 : thunderbird (CESA-2019:0159)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_60_4_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote macOS host is prior to 60.4. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox ESR stable channel update release notes for 2018/12/11. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self- reported version number.
    last seen 2019-02-21
    modified 2018-12-12
    plugin id 119605
    published 2018-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119605
    title Mozilla Firefox ESR < 60.4 Multiple Vulnerabilities (macOS)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3831.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119873
    published 2018-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119873
    title CentOS 6 : firefox (CESA-2018:3831)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1605.NASL
    description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy. For Debian 8 'Jessie', these problems have been fixed in version 60.4.0esr-1~deb8u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119667
    published 2018-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119667
    title Debian DLA-1605-1 : firefox-esr security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-182.NASL
    description This update for MozillaThunderbird to version 60.5.0 fixes the following issues : Security vulnerabilities addressed (MFSA 2019-03 boo#1122983 MFSA 2018-31) : - CVE-2018-18500: Use-after-free parsing HTML5 stream - CVE-2018-18505: Privilege escalation through IPC channel messages - CVE-2016-5824: DoS (use-after-free) via a crafted ics file - CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bugs fixed and changes made : - FileLink provider WeTransfer to upload large attachments - Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove. - More search engines: Google and DuckDuckGo available by default in some locales - During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. - Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on - New WebExtensions FileLink API to facilitate add-ons - Fix decoding problems for messages with less common charsets (cp932, cp936) - New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification - Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. - Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 - Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters - While composing a message, a link not removed when link location was removed in the link properties panel - Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding - If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from 'Received' header instead. - Body search/filtering didn't reliably ignore content of tags - Inappropriate warning 'Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer' when installing add-ons - Incorrect display of correspondents column since own email address was not always detected - Spurious (encoded newline) inserted into drafts and sent email - Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog - Fixe Cookie removal - 'Download rest of message' was not working if global inbox was used - Fix Encoding problems for users (especially in Poland) when a file was sent via a folder using 'Sent to > Mail recipient' due to a problem in the Thunderbird MAPI interface - According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue - Fix shutdown crash/hang after entering an empty IMAP password
    last seen 2019-02-21
    modified 2019-02-15
    plugin id 122224
    published 2019-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122224
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2019-182)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2019-0160.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121380
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121380
    title RHEL 7 : thunderbird (RHSA-2019:0160)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_60_4_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 60.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-30 advisory. - Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12405) - A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. (CVE-2018-17466) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same- origin policy violation and could allow for data theft. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. (CVE-2018-18498) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 119606
    published 2018-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119606
    title Mozilla Firefox ESR < 60.4 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4354.NASL
    description Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119634
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119634
    title Debian DSA-4354-1 : firefox-esr - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20190125_THUNDERBIRD_ON_SL6_X.NASL
    description This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) - chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) - Mozilla: Use-after-free with select element (CVE-2018-18492) - Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) - Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) - Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)
    last seen 2019-02-21
    modified 2019-01-28
    plugin id 121409
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121409
    title Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1544.NASL
    description This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105) : - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 The following changes are included : - now requires NSS >= 3.36.6 - Updated list of currency codes to include Unidad Previsional (UYW)
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119671
    published 2018-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119671
    title openSUSE Security Update : Mozilla Firefox (openSUSE-2018-1544)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3831.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119734
    published 2018-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119734
    title RHEL 6 : firefox (RHSA-2018:3831)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181217_FIREFOX_ON_SL6_X.NASL
    description This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) - Mozilla: Memory corruption in Angle (CVE-2018-17466) - Mozilla: Use-after-free with select element (CVE-2018-18492) - Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) - Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) - Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119881
    published 2018-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119881
    title Scientific Linux Security Update : firefox on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3833.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119874
    published 2018-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119874
    title CentOS 7 : firefox (CESA-2018:3833)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2019-0160.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121546
    published 2019-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121546
    title CentOS 7 : thunderbird (CESA-2019:0160)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20190125_THUNDERBIRD_ON_SL7_X.NASL
    description This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : - Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) - chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) - Mozilla: Use-after-free with select element (CVE-2018-18492) - Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) - Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) - Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)
    last seen 2019-02-21
    modified 2019-01-28
    plugin id 121410
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121410
    title Scientific Linux Security Update : thunderbird on SL7.x x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_FIREFOX_60_4_ESR.NASL
    description The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-30 advisory. - Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12405) - A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. (CVE-2018-17466) - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. (CVE-2018-18492) - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. (CVE-2018-18493) - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same- origin policy violation and could allow for data theft. (CVE-2018-18494) - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. (CVE-2018-18498) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 121641
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121641
    title Mozilla Firefox ESR < 60.4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3833.NASL
    description An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119735
    published 2018-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119735
    title RHEL 7 : firefox (RHSA-2018:3833)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2019-0159.NASL
    description An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121379
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121379
    title RHEL 6 : thunderbird (RHSA-2019:0159)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3831.NASL
    description From Red Hat Security Advisory 2018:3831 : An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * Mozilla: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119755
    published 2018-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119755
    title Oracle Linux 6 : firefox (ELSA-2018-3831)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4362.NASL
    description Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
    last seen 2019-02-21
    modified 2019-01-23
    plugin id 120963
    published 2019-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120963
    title Debian DSA-4362-1 : thunderbird - security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2019-0159.NASL
    description From Red Hat Security Advisory 2019:0159 : An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix(es) : * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405) * chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466) * Mozilla: Use-after-free with select element (CVE-2018-18492) * Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493) * Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494) * Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.
    last seen 2019-02-21
    modified 2019-01-28
    plugin id 121408
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121408
    title Oracle Linux 6 : thunderbird (ELSA-2019-0159)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4235-1.NASL
    description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120193
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120193
    title SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)
redhat via4
advisories
  • rhsa
    id RHSA-2018:3831
  • rhsa
    id RHSA-2018:3833
  • rhsa
    id RHSA-2019:0159
  • rhsa
    id RHSA-2019:0160
rpms
  • firefox-0:60.4.0-1.el6
  • firefox-0:60.4.0-1.el7
  • thunderbird-0:60.4.0-1.el6
  • thunderbird-0:60.4.0-1.el7_6
refmap via4
bid 106168
confirm
debian
  • DSA-4354
  • DSA-4362
gentoo GLSA-201903-04
mlist [debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update
ubuntu
  • USN-3844-1
  • USN-3868-1
Last major update 28-02-2019 - 13:29
Published 28-02-2019 - 13:29
Last modified 11-03-2019 - 11:09
Back to Top