Vulnerabilities > CVE-2007-3735 - Remote vulnerability in Mozilla Firefox and Thunderbird

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
critical
nessus

Summary

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

Nessus

  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_2005.NASL
    descriptionThe installed version of Firefox is affected by various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id25735
    published2007-07-19
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25735
    titleFirefox < 2.0.0.5 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25735);
      script_version("1.22");
    
      script_cve_id(
        "CVE-2007-3089", 
        "CVE-2007-3285", 
        "CVE-2007-3656", 
        "CVE-2007-3734",
        "CVE-2007-3735", 
        "CVE-2007-3736", 
        "CVE-2007-3737", 
        "CVE-2007-3738"
      );
      script_bugtraq_id(24286, 24447, 24831, 24946);
    
      script_name(english:"Firefox < 2.0.0.5 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Firefox");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The installed version of Firefox is affected by various security
    issues, one of which may lead to execution of arbitrary code on the
    affected host subject to the user's privileges." );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-18/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-19/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-20/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-21/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-22/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-23/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-24/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-25/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Firefox 2.0.0.5 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_cwe_id(200, 264);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/19");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/05");
     script_set_attribute(attribute:"patch_publication_date", value: "2007/07/17");
     script_cvs_date("Date: 2018/07/16 14:09:14");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
    script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.5', severity:SECURITY_HOLE);
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070718_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)
    last seen2020-06-01
    modified2020-06-02
    plugin id60230
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60230
    titleScientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1180.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27705
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27705
    titleFedora 7 : thunderbird-2.0.0.5-1.fc7 (2007-1180)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-3932.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id29361
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29361
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3932)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-3984.NASL
    descriptionThis update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id27443
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27443
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-3984)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-3935.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id27123
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27123
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3935)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1143.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27694
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27694
    titleFedora 7 : devhelp-0.13-9.fc7 (2007-1143)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0722.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25739
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25739
    titleCentOS 3 / 4 : seamonkey (CESA-2007:0722)
  • NASL familyWindows
    NASL idSEAMONKEY_113.NASL
    descriptionThe installed version of SeaMonkey contains various security issues that could cause the application to crash or lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id25765
    published2007-07-25
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25765
    titleSeaMonkey < 1.1.3 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1157.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Fedora 7. Users of Blam are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27701
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27701
    titleFedora 7 : blam-1.8.3-5.fc7 (2007-1157)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0724.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25741
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25741
    titleCentOS 4 / 5 : firefox (CESA-2007:0724)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1181.NASL
    descriptionSeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27706
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27706
    titleFedora 7 : seamonkey-1.1.3-1.fc7 (2007-1181)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-642.NASL
    descriptionMozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25747
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25747
    titleFedora Core 6 : firefox-1.5.0.12-4.fc6 (2007-642)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-3986.NASL
    descriptionThis update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id27444
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27444
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-3986)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-152.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products.
    last seen2020-06-01
    modified2020-06-02
    plugin id25836
    published2007-08-02
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25836
    titleMandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-047.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37880
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37880
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:047)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0722.NASL
    descriptionFrom Red Hat Security Advisory 2007:0722 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67546
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67546
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2007-0722)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0722.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25751
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25751
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0722)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_2005.NASL
    descriptionThe remote version of Mozilla Thunderbird suffers from various security issues, including at least one that could lead to execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id25754
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25754
    titleMozilla Thunderbird < 2.0.0.5 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1144.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of yelp are advised to upgrade to these erratum packages, which contain an update to yelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27695
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27695
    titleFedora 7 : yelp-2.18.1-5.fc7 (2007-1144)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200708-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844). Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id25888
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25888
    titleGLSA-200708-09 : Mozilla products: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-503-1.NASL
    descriptionVarious flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28107
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28107
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-641.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25746
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25746
    titleFedora Core 6 : thunderbird-1.5.0.12-2.fc6 (2007-641)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0723.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25740
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25740
    titleCentOS 4 / 5 : thunderbird (CESA-2007:0723)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070718_SEAMONKEY_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsingsession if the user reloads a targeted site. (CVE-2007-3656)
    last seen2020-06-01
    modified2020-06-02
    plugin id60229
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60229
    titleScientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1142.NASL
    descriptionMozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27693
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27693
    titleFedora 7 : firefox-2.0.0.5-1.fc7 (2007-1142)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1138.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of epiphany are advised to upgrade to these erratum packages, which contain an update to epiphany built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27692
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27692
    titleFedora 7 : epiphany-2.18.3-2.fc7 (2007-1138)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1339.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
    last seen2020-06-01
    modified2020-06-02
    plugin id25801
    published2007-07-30
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25801
    titleDebian DSA-1339-1 : iceape - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-490-1.NASL
    descriptionVarious flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28092
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28092
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070718_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)
    last seen2020-06-01
    modified2020-06-02
    plugin id60228
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60228
    titleScientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0724.NASL
    descriptionFrom Red Hat Security Advisory 2007:0724 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67548
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67548
    titleOracle Linux 4 / 5 : firefox (ELSA-2007-0724)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E190CA65363611DCA697000C6EC775D9.NASL
    descriptionThe Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2007-25 XPCNativeWrapper pollution - MFSA 2007-24 Unauthorized access to wyciwyg:// documents - MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document - MFSA 2007-20 Frame spoofing while window is loading - MFSA 2007-19 XSS using addEventListener and setTimeout - MFSA 2007-18 Crashes with evidence of memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id25749
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25749
    titleFreeBSD : mozilla -- multiple vulnerabilities (e190ca65-3636-11dc-a697-000c6ec775d9)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0723.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25752
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25752
    titleRHEL 4 / 5 : thunderbird (RHSA-2007:0723)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1391.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3844
    last seen2020-06-01
    modified2020-06-02
    plugin id27546
    published2007-10-25
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27546
    titleDebian DSA-1391-1 : icedove - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0723.NASL
    descriptionFrom Red Hat Security Advisory 2007:0723 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67547
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67547
    titleOracle Linux 4 : thunderbird (ELSA-2007-0723)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-3933.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id27122
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27122
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3933)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-3973.NASL
    descriptionThis update fixes several security problems in Mozilla Thunderbird 1.5.0.12. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
    last seen2020-06-01
    modified2020-06-02
    plugin id27132
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27132
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3973)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0724.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25753
    published2007-07-23
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25753
    titleRHEL 4 / 5 : firefox (RHSA-2007:0724)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1337.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
    last seen2020-06-01
    modified2020-06-02
    plugin id25780
    published2007-07-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25780
    titleDebian DSA-1337-1 : xulrunner - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1155.NASL
    descriptionUpdated Firefox packages that fix several security bugs are now available for Fedora 7. Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27700
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27700
    titleFedora 7 : epiphany-extensions-2.18.3-2 (2007-1155)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1338.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
    last seen2020-06-01
    modified2020-06-02
    plugin id25781
    published2007-07-27
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25781
    titleDebian DSA-1338-1 : iceweasel - several vulnerabilities

Oval

accepted2013-04-29T04:11:14.738-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
familyunix
idoval:org.mitre.oval:def:11066
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
version27

Redhat

advisories
  • rhsa
    idRHSA-2007:0722
  • rhsa
    idRHSA-2007:0723
  • rhsa
    idRHSA-2007:0724
rpms
  • seamonkey-0:1.0.9-0.3.el3
  • seamonkey-0:1.0.9-0.4.el2
  • seamonkey-0:1.0.9-4.el4
  • seamonkey-chat-0:1.0.9-0.3.el3
  • seamonkey-chat-0:1.0.9-0.4.el2
  • seamonkey-chat-0:1.0.9-4.el4
  • seamonkey-debuginfo-0:1.0.9-0.3.el3
  • seamonkey-debuginfo-0:1.0.9-4.el4
  • seamonkey-devel-0:1.0.9-0.3.el3
  • seamonkey-devel-0:1.0.9-0.4.el2
  • seamonkey-devel-0:1.0.9-4.el4
  • seamonkey-dom-inspector-0:1.0.9-0.3.el3
  • seamonkey-dom-inspector-0:1.0.9-0.4.el2
  • seamonkey-dom-inspector-0:1.0.9-4.el4
  • seamonkey-js-debugger-0:1.0.9-0.3.el3
  • seamonkey-js-debugger-0:1.0.9-0.4.el2
  • seamonkey-js-debugger-0:1.0.9-4.el4
  • seamonkey-mail-0:1.0.9-0.3.el3
  • seamonkey-mail-0:1.0.9-0.4.el2
  • seamonkey-mail-0:1.0.9-4.el4
  • seamonkey-nspr-0:1.0.9-0.3.el3
  • seamonkey-nspr-0:1.0.9-0.4.el2
  • seamonkey-nspr-devel-0:1.0.9-0.3.el3
  • seamonkey-nspr-devel-0:1.0.9-0.4.el2
  • seamonkey-nss-0:1.0.9-0.3.el3
  • seamonkey-nss-0:1.0.9-0.4.el2
  • seamonkey-nss-devel-0:1.0.9-0.3.el3
  • seamonkey-nss-devel-0:1.0.9-0.4.el2
  • thunderbird-0:1.5.0.12-0.3.el4
  • thunderbird-0:1.5.0.12-3.el5
  • thunderbird-debuginfo-0:1.5.0.12-0.3.el4
  • thunderbird-debuginfo-0:1.5.0.12-3.el5
  • firefox-0:1.5.0.12-0.3.el4
  • firefox-0:1.5.0.12-3.el5
  • firefox-debuginfo-0:1.5.0.12-0.3.el4
  • firefox-debuginfo-0:1.5.0.12-3.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 24946 CVE(CAN) ID: CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738 Mozilla Firefox是一款流行的开源WEB浏览器。 Firefox的浏览器引擎和JavaScript引擎中存在多个内存破坏漏洞,可能允许攻击者导致浏览器崩溃。 addEventListener和setTimeout方式中的漏洞可能允许攻击者破坏浏览器的同源策略向其他站点注入脚本,访问或修改该站点的保密或敏感数据。 攻击者可以使用文档外的元素调用事件处理器,这可能导致以chrome权限执行任意代码。 攻击者可以修改XPCNativeWrapper,导致浏览器之后的访问会执行用户所提供的代码。 Mozilla Firefox &lt; 2.0.0.5 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5" target="_blank">ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5</a>
idSSV:2020
last seen2017-11-19
modified2007-07-19
published2007-07-19
reporterRoot
titleMozilla Firefox 2.0.0.4多个远程安全漏洞

References