Vulnerabilities > CVE-2007-3736 - Unspecified vulnerability in Mozilla Firefox
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN mozilla
nessus
Summary
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family Windows NASL id MOZILLA_FIREFOX_2005.NASL description The installed version of Firefox is affected by various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 25735 published 2007-07-19 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25735 title Firefox < 2.0.0.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(25735); script_version("1.22"); script_cve_id( "CVE-2007-3089", "CVE-2007-3285", "CVE-2007-3656", "CVE-2007-3734", "CVE-2007-3735", "CVE-2007-3736", "CVE-2007-3737", "CVE-2007-3738" ); script_bugtraq_id(24286, 24447, 24831, 24946); script_name(english:"Firefox < 2.0.0.5 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of Firefox is affected by various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-18/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-19/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-20/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-21/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-22/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-23/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-24/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-25/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 2.0.0.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(200, 264); script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/19"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/05"); script_set_attribute(attribute:"patch_publication_date", value: "2007/07/17"); script_cvs_date("Date: 2018/07/16 14:09:14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.5', severity:SECURITY_HOLE);
NASL family Scientific Linux Local Security Checks NASL id SL_20070718_THUNDERBIRD_ON_SL5_X.NASL description Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) last seen 2020-06-01 modified 2020-06-02 plugin id 60230 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60230 title Scientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2007-1180.NASL description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27705 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27705 title Fedora 7 : thunderbird-2.0.0.5-1.fc7 (2007-1180) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-3932.NASL description This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 29361 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29361 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3932) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-3984.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 27443 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27443 title openSUSE 10 Security Update : seamonkey (seamonkey-3984) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-3935.NASL description This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 27123 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27123 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3935) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1143.NASL description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27694 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27694 title Fedora 7 : devhelp-0.13-9.fc7 (2007-1143) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0722.NASL description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25739 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25739 title CentOS 3 / 4 : seamonkey (CESA-2007:0722) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1157.NASL description Updated firefox packages that fix several security bugs are now available for Fedora 7. Users of Blam are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27701 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27701 title Fedora 7 : blam-1.8.3-5.fc7 (2007-1157) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0724.NASL description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25741 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25741 title CentOS 4 / 5 : firefox (CESA-2007:0724) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1181.NASL description SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27706 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27706 title Fedora 7 : seamonkey-1.1.3-1.fc7 (2007-1181) NASL family Fedora Local Security Checks NASL id FEDORA_2007-642.NASL description Mozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25747 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25747 title Fedora Core 6 : firefox-1.5.0.12-4.fc6 (2007-642) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-3986.NASL description This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 27444 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27444 title openSUSE 10 Security Update : seamonkey (seamonkey-3986) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-152.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products. last seen 2020-06-01 modified 2020-06-02 plugin id 25836 published 2007-08-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25836 title Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0722.NASL description From Red Hat Security Advisory 2007:0722 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67546 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67546 title Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0722) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0722.NASL description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25751 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25751 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0722) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1144.NASL description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of yelp are advised to upgrade to these erratum packages, which contain an update to yelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27695 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27695 title Fedora 7 : yelp-2.18.1-5.fc7 (2007-1144) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200708-09.NASL description The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844). Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25888 published 2007-08-15 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25888 title GLSA-200708-09 : Mozilla products: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2007-641.NASL description Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25746 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25746 title Fedora Core 6 : thunderbird-1.5.0.12-2.fc6 (2007-641) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0723.NASL description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25740 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25740 title CentOS 4 / 5 : thunderbird (CESA-2007:0723) NASL family Scientific Linux Local Security Checks NASL id SL_20070718_SEAMONKEY_ON_SL4_X.NASL description Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsingsession if the user reloads a targeted site. (CVE-2007-3656) last seen 2020-06-01 modified 2020-06-02 plugin id 60229 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60229 title Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2007-1142.NASL description Mozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27693 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27693 title Fedora 7 : firefox-2.0.0.5-1.fc7 (2007-1142) NASL family Fedora Local Security Checks NASL id FEDORA_2007-1138.NASL description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of epiphany are advised to upgrade to these erratum packages, which contain an update to epiphany built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27692 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27692 title Fedora 7 : epiphany-2.18.3-2.fc7 (2007-1138) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1339.NASL description Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736 last seen 2020-06-01 modified 2020-06-02 plugin id 25801 published 2007-07-30 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25801 title Debian DSA-1339-1 : iceape - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-490-1.NASL description Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28092 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28092 title Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1) NASL family Scientific Linux Local Security Checks NASL id SL_20070718_FIREFOX_ON_SL5_X.NASL description Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) last seen 2020-06-01 modified 2020-06-02 plugin id 60228 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60228 title Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0724.NASL description From Red Hat Security Advisory 2007:0724 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67548 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67548 title Oracle Linux 4 / 5 : firefox (ELSA-2007-0724) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0723.NASL description Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25752 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25752 title RHEL 4 / 5 : thunderbird (RHSA-2007:0723) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-042.NASL description Security issues were identified and fixed in firefox 3.0.x and 3.5.x : Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0159). Security researcher Orlando Barrera II reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 44672 published 2010-02-22 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44672 title Mandriva Linux Security Advisory : firefox (MDVSA-2010:042) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0723.NASL description From Red Hat Security Advisory 2007:0723 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67547 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67547 title Oracle Linux 4 : thunderbird (ELSA-2007-0723) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-3933.NASL description This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 27122 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27122 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3933) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLATHUNDERBIRD-3973.NASL description This update fixes several security problems in Mozilla Thunderbird 1.5.0.12. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven last seen 2020-06-01 modified 2020-06-02 plugin id 27132 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27132 title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3973) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0724.NASL description Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25753 published 2007-07-23 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25753 title RHEL 4 / 5 : firefox (RHSA-2007:0724) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1337.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736 last seen 2020-06-01 modified 2020-06-02 plugin id 25780 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25780 title Debian DSA-1337-1 : xulrunner - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2007-1155.NASL description Updated Firefox packages that fix several security bugs are now available for Fedora 7. Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27700 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27700 title Fedora 7 : epiphany-extensions-2.18.3-2 (2007-1155) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1338.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736 last seen 2020-06-01 modified 2020-06-02 plugin id 25781 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25781 title Debian DSA-1338-1 : iceweasel - several vulnerabilities
Oval
accepted | 2013-04-29T04:15:35.807-04:00 | ||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||
description | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. | ||||||||||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:11749 | ||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
title | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. | ||||||||||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 24946 CVE(CAN) ID: CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738 Mozilla Firefox是一款流行的开源WEB浏览器。 Firefox的浏览器引擎和JavaScript引擎中存在多个内存破坏漏洞,可能允许攻击者导致浏览器崩溃。 addEventListener和setTimeout方式中的漏洞可能允许攻击者破坏浏览器的同源策略向其他站点注入脚本,访问或修改该站点的保密或敏感数据。 攻击者可以使用文档外的元素调用事件处理器,这可能导致以chrome权限执行任意代码。 攻击者可以修改XPCNativeWrapper,导致浏览器之后的访问会执行用户所提供的代码。 Mozilla Firefox < 2.0.0.5 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5" target="_blank">ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5</a> |
id | SSV:2020 |
last seen | 2017-11-19 |
modified | 2007-07-19 |
published | 2007-07-19 |
reporter | Root |
title | Mozilla Firefox 2.0.0.4多个远程安全漏洞 |
References
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
- ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://secunia.com/advisories/25589
- http://secunia.com/advisories/25589
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26072
- http://secunia.com/advisories/26095
- http://secunia.com/advisories/26095
- http://secunia.com/advisories/26103
- http://secunia.com/advisories/26103
- http://secunia.com/advisories/26106
- http://secunia.com/advisories/26106
- http://secunia.com/advisories/26107
- http://secunia.com/advisories/26107
- http://secunia.com/advisories/26149
- http://secunia.com/advisories/26149
- http://secunia.com/advisories/26151
- http://secunia.com/advisories/26151
- http://secunia.com/advisories/26159
- http://secunia.com/advisories/26159
- http://secunia.com/advisories/26179
- http://secunia.com/advisories/26179
- http://secunia.com/advisories/26204
- http://secunia.com/advisories/26204
- http://secunia.com/advisories/26205
- http://secunia.com/advisories/26205
- http://secunia.com/advisories/26211
- http://secunia.com/advisories/26211
- http://secunia.com/advisories/26216
- http://secunia.com/advisories/26216
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26258
- http://secunia.com/advisories/26271
- http://secunia.com/advisories/26271
- http://secunia.com/advisories/26460
- http://secunia.com/advisories/26460
- http://secunia.com/advisories/28135
- http://secunia.com/advisories/28135
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
- http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
- http://www.debian.org/security/2007/dsa-1337
- http://www.debian.org/security/2007/dsa-1337
- http://www.debian.org/security/2007/dsa-1338
- http://www.debian.org/security/2007/dsa-1338
- http://www.debian.org/security/2007/dsa-1339
- http://www.debian.org/security/2007/dsa-1339
- http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
- http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
- http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
- http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
- http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
- http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2007-0722.html
- http://www.redhat.com/support/errata/RHSA-2007-0722.html
- http://www.redhat.com/support/errata/RHSA-2007-0723.html
- http://www.redhat.com/support/errata/RHSA-2007-0723.html
- http://www.redhat.com/support/errata/RHSA-2007-0724.html
- http://www.redhat.com/support/errata/RHSA-2007-0724.html
- http://www.securityfocus.com/archive/1/474226/100/0/threaded
- http://www.securityfocus.com/archive/1/474226/100/0/threaded
- http://www.securityfocus.com/archive/1/474542/100/0/threaded
- http://www.securityfocus.com/archive/1/474542/100/0/threaded
- http://www.securityfocus.com/bid/24946
- http://www.securityfocus.com/bid/24946
- http://www.securitytracker.com/id?1018410
- http://www.securitytracker.com/id?1018410
- http://www.ubuntu.com/usn/usn-490-1
- http://www.ubuntu.com/usn/usn-490-1
- http://www.vupen.com/english/advisories/2007/2564
- http://www.vupen.com/english/advisories/2007/2564
- http://www.vupen.com/english/advisories/2007/4256
- http://www.vupen.com/english/advisories/2007/4256
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35462
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35462
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749