Vulnerabilities > CVE-2007-3738 - Unspecified vulnerability in Mozilla Firefox

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mozilla

nessus

NVD

Published: 2007-07-18

Updated: 2024-11-21

Summary

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.4 Mozilla Firefox 2.0.0.1	5

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1532.NASL
description	# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
last seen	2020-06-01
modified	2020-06-02
plugin id	31709
published	2008-03-31
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31709
title	Debian DSA-1532-1 : xulrunner - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1532. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(31709); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-4879", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241"); script_bugtraq_id(28448); script_xref(name:"DSA", value:"1532"); script_name(english:"Debian DSA-1532-1 : xulrunner - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "# This shares a lot of text with dsa-1534.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233 'moz_bug_r_a4' discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. - CVE-2008-1234 'moz_bug_r_a4' discovered that insecure handling of event handlers could lead to cross-site scripting. - CVE-2008-1235 Boris Zbarsky, Johnny Stenback and 'moz_bug_r_a4' discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. - CVE-2008-1236 Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-1237 'georgi', 'tgirmann' and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2008-1238 Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. - CVE-2008-1240 Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. - CVE-2008-1241 Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4879" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1233" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3738" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5338" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1234" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1235" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1236" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1237" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1238" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1240" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1241" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1532" ); script_set_attribute( attribute:"solution", value: "Upgrade the xulrunner packages. For the stable distribution (etch), these problems have been fixed in version 1.8.0.15~pre080323b-0etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(59, 79, 94, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libmozillainterfaces-java", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-tools", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs1", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libxul-common", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libxul-dev", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d-dbg", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"python-xpcom", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"spidermonkey-bin", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner-gnome-support", reference:"1.8.0.15~pre080323b-0etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Windows
NASL id	MOZILLA_FIREFOX_2005.NASL
description	The installed version of Firefox is affected by various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	25735
published	2007-07-19
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25735
title	Firefox < 2.0.0.5 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(25735); script_version("1.22"); script_cve_id( "CVE-2007-3089", "CVE-2007-3285", "CVE-2007-3656", "CVE-2007-3734", "CVE-2007-3735", "CVE-2007-3736", "CVE-2007-3737", "CVE-2007-3738" ); script_bugtraq_id(24286, 24447, 24831, 24946); script_name(english:"Firefox < 2.0.0.5 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of Firefox is affected by various security issues, one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-18/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-19/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-20/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-21/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-22/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-23/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-24/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-25/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Firefox 2.0.0.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(200, 264); script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/19"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/05"); script_set_attribute(attribute:"patch_publication_date", value: "2007/07/17"); script_cvs_date("Date: 2018/07/16 14:09:14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'2.0.0.5', severity:SECURITY_HOLE);

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20070718_THUNDERBIRD_ON_SL5_X.NASL
description	Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)
last seen	2020-06-01
modified	2020-06-02
plugin id	60230
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60230
title	Scientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1180.NASL
description	Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27705
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27705
title	Fedora 7 : thunderbird-2.0.0.5-1.fc7 (2007-1180)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-3932.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	29361
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29361
title	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3932)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SEAMONKEY-3984.NASL
description	This update fixes several security issues in Mozilla SeaMonkey 1.1.3. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	27443
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27443
title	openSUSE 10 Security Update : seamonkey (seamonkey-3984)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-3935.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	27123
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27123
title	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3935)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1143.NASL
description	Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27694
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27694
title	Fedora 7 : devhelp-0.13-9.fc7 (2007-1143)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0722.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25739
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25739
title	CentOS 3 / 4 : seamonkey (CESA-2007:0722)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1157.NASL
description	Updated firefox packages that fix several security bugs are now available for Fedora 7. Users of Blam are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27701
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27701
title	Fedora 7 : blam-1.8.3-5.fc7 (2007-1157)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0724.NASL
description	Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25741
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25741
title	CentOS 4 / 5 : firefox (CESA-2007:0724)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1181.NASL
description	SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27706
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27706
title	Fedora 7 : seamonkey-1.1.3-1.fc7 (2007-1181)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-642.NASL
description	Mozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25747
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25747
title	Fedora Core 6 : firefox-1.5.0.12-4.fc6 (2007-642)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SEAMONKEY-3986.NASL
description	This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	27444
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27444
title	openSUSE 10 Security Update : seamonkey (seamonkey-3986)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-152.NASL
description	A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products.
last seen	2020-06-01
modified	2020-06-02
plugin id	25836
published	2007-08-02
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25836
title	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0722.NASL
description	From Red Hat Security Advisory 2007:0722 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67546
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67546
title	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0722)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0722.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25751
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25751
title	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0722)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1144.NASL
description	Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of yelp are advised to upgrade to these erratum packages, which contain an update to yelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27695
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27695
title	Fedora 7 : yelp-2.18.1-5.fc7 (2007-1144)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200708-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844). Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	25888
published	2007-08-15
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25888
title	GLSA-200708-09 : Mozilla products: Multiple vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-641.NASL
description	Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25746
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25746
title	Fedora Core 6 : thunderbird-1.5.0.12-2.fc6 (2007-641)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0723.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25740
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25740
title	CentOS 4 / 5 : thunderbird (CESA-2007:0723)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20070718_SEAMONKEY_ON_SL4_X.NASL
description	Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way SeaMonkey handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsingsession if the user reloads a targeted site. (CVE-2007-3656)
last seen	2020-06-01
modified	2020-06-02
plugin id	60229
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60229
title	Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1142.NASL
description	Mozilla Firefox is an open source web browser, designed for standards compliance, performance and portability. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735) Several flaws were found in the way Firefox handles certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) A flaw was found in the way Firefox processes certain web content. A web page containing malicious content could execute arbitrary commands as the user running Firefox. (CVE-2007-3737, CVE-2007-3738) Users of Firefox are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27693
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27693
title	Fedora 7 : firefox-2.0.0.5-1.fc7 (2007-1142)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1138.NASL
description	Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of epiphany are advised to upgrade to these erratum packages, which contain an update to epiphany built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27692
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27692
title	Fedora 7 : epiphany-2.18.3-2.fc7 (2007-1138)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1535.NASL
description	# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
last seen	2020-06-01
modified	2020-06-02
plugin id	31806
published	2008-04-11
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31806
title	Debian DSA-1535-1 : iceweasel - several vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1339.NASL
description	Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
last seen	2020-06-01
modified	2020-06-02
plugin id	25801
published	2007-07-30
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25801
title	Debian DSA-1339-1 : iceape - several vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-490-1.NASL
description	Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	28092
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28092
title	Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-490-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20070718_FIREFOX_ON_SL5_X.NASL
description	Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)
last seen	2020-06-01
modified	2020-06-02
plugin id	60228
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60228
title	Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0724.NASL
description	From Red Hat Security Advisory 2007:0724 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67548
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67548
title	Oracle Linux 4 / 5 : firefox (ELSA-2007-0724)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E190CA65363611DCA697000C6EC775D9.NASL
description	The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2007-25 XPCNativeWrapper pollution - MFSA 2007-24 Unauthorized access to wyciwyg:// documents - MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document - MFSA 2007-20 Frame spoofing while window is loading - MFSA 2007-19 XSS using addEventListener and setTimeout - MFSA 2007-18 Crashes with evidence of memory corruption
last seen	2020-06-01
modified	2020-06-02
plugin id	25749
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25749
title	FreeBSD : mozilla -- multiple vulnerabilities (e190ca65-3636-11dc-a697-000c6ec775d9)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1534.NASL
description	# This shares a lot of text with dsa-1532.wml, dsa-1535.wml, dsa-1574.wml Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4879 Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. - CVE-2008-1233
last seen	2020-06-01
modified	2020-06-02
plugin id	31711
published	2008-03-31
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/31711
title	Debian DSA-1534-1 : iceape - several vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0723.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25752
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25752
title	RHEL 4 / 5 : thunderbird (RHSA-2007:0723)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0723.NASL
description	From Red Hat Security Advisory 2007:0723 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67547
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67547
title	Oracle Linux 4 : thunderbird (ELSA-2007-0723)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1574.NASL
description	# This shares a lot of text with dsa-1532.wml, dsa-1534.wml, dsa-1535.wml Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1233
last seen	2020-06-01
modified	2020-06-02
plugin id	32308
published	2008-05-13
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/32308
title	Debian DSA-1574-1 : icedove - several vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-3933.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	27122
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27122
title	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3933)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLATHUNDERBIRD-3973.NASL
description	This update fixes several security problems in Mozilla Thunderbird 1.5.0.12. Following security problems were fixed : - MFSA 2007-18: Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven
last seen	2020-06-01
modified	2020-06-02
plugin id	27132
published	2007-10-17
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27132
title	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3973)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0724.NASL
description	Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738) Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089) A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656) Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25753
published	2007-07-23
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25753
title	RHEL 4 / 5 : firefox (RHSA-2007:0724)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1337.NASL
description	Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
last seen	2020-06-01
modified	2020-06-02
plugin id	25780
published	2007-07-27
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25780
title	Debian DSA-1337-1 : xulrunner - several vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-1155.NASL
description	Updated Firefox packages that fix several security bugs are now available for Fedora 7. Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27700
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27700
title	Fedora 7 : epiphany-extensions-2.18.3-2 (2007-1155)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1338.NASL
description	Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3089 Ronen Zilberman and Michal Zalewski discovered that a timing race allows the injection of content into about:blank frames. - CVE-2007-3656 Michal Zalewski discovered that same-origin policies for wyciwyg:// documents are insufficiently enforced. - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3736
last seen	2020-06-01
modified	2020-06-02
plugin id	25781
published	2007-07-27
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25781
title	Debian DSA-1338-1 : iceweasel - several vulnerabilities

Oval

accepted

2013-04-29T04:22:58.436-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

family

unix

oval:org.mitre.oval:def:9875

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

version

Redhat

advisories

bugzilla

id	248518
title	CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment seamonkey-chat is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722001
comment seamonkey-chat is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609004
AND
comment seamonkey-devel is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722003
comment seamonkey-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609010

AND

comment seamonkey-js-debugger is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722005
comment seamonkey-js-debugger is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609002

AND
comment seamonkey is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722007
comment seamonkey is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609006
AND
comment seamonkey-mail is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722009
comment seamonkey-mail is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609012

AND

comment seamonkey-dom-inspector is earlier than 0:1.0.9-4.el4
oval oval:com.redhat.rhsa:tst:20070722011
comment seamonkey-dom-inspector is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060609008

rhsa

id	RHSA-2007:0722
released	2008-01-07
severity	Critical
title	RHSA-2007:0722: seamonkey security update (Critical)

bugzilla

id	248518
title	CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment thunderbird is earlier than 0:1.5.0.12-0.3.el4
oval oval:com.redhat.rhsa:tst:20070723001
comment thunderbird is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060330002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment thunderbird is earlier than 0:1.5.0.12-3.el5
oval oval:com.redhat.rhsa:tst:20070723004
comment thunderbird is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070108002

rhsa

id	RHSA-2007:0723
released	2007-07-18
severity	Moderate
title	RHSA-2007:0723: thunderbird security update (Moderate)

bugzilla

id	248518
title	CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025
comment firefox is earlier than 0:1.5.0.12-0.3.el4
oval oval:com.redhat.rhsa:tst:20070724001
comment firefox is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060200002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005
comment firefox is earlier than 0:1.5.0.12-3.el5
oval oval:com.redhat.rhsa:tst:20070724004
comment firefox is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070097008

rhsa

id	RHSA-2007:0724
released	2008-01-09
severity	Critical
title	RHSA-2007:0724: firefox security update (Critical)

rpms

seamonkey-0:1.0.9-0.3.el3
seamonkey-0:1.0.9-0.4.el2
seamonkey-0:1.0.9-4.el4
seamonkey-chat-0:1.0.9-0.3.el3
seamonkey-chat-0:1.0.9-0.4.el2
seamonkey-chat-0:1.0.9-4.el4
seamonkey-debuginfo-0:1.0.9-0.3.el3
seamonkey-debuginfo-0:1.0.9-4.el4
seamonkey-devel-0:1.0.9-0.3.el3
seamonkey-devel-0:1.0.9-0.4.el2
seamonkey-devel-0:1.0.9-4.el4
seamonkey-dom-inspector-0:1.0.9-0.3.el3
seamonkey-dom-inspector-0:1.0.9-0.4.el2
seamonkey-dom-inspector-0:1.0.9-4.el4
seamonkey-js-debugger-0:1.0.9-0.3.el3
seamonkey-js-debugger-0:1.0.9-0.4.el2
seamonkey-js-debugger-0:1.0.9-4.el4
seamonkey-mail-0:1.0.9-0.3.el3
seamonkey-mail-0:1.0.9-0.4.el2
seamonkey-mail-0:1.0.9-4.el4
seamonkey-nspr-0:1.0.9-0.3.el3
seamonkey-nspr-0:1.0.9-0.4.el2
seamonkey-nspr-devel-0:1.0.9-0.3.el3
seamonkey-nspr-devel-0:1.0.9-0.4.el2
seamonkey-nss-0:1.0.9-0.3.el3
seamonkey-nss-0:1.0.9-0.4.el2
seamonkey-nss-devel-0:1.0.9-0.3.el3
seamonkey-nss-devel-0:1.0.9-0.4.el2
thunderbird-0:1.5.0.12-0.3.el4
thunderbird-0:1.5.0.12-3.el5
thunderbird-debuginfo-0:1.5.0.12-0.3.el4
thunderbird-debuginfo-0:1.5.0.12-3.el5
firefox-0:1.5.0.12-0.3.el4
firefox-0:1.5.0.12-3.el5
firefox-debuginfo-0:1.5.0.12-0.3.el4
firefox-debuginfo-0:1.5.0.12-3.el5

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 24946 CVE(CAN) ID: CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738 Mozilla Firefox是一款流行的开源WEB浏览器。 Firefox的浏览器引擎和JavaScript引擎中存在多个内存破坏漏洞，可能允许攻击者导致浏览器崩溃。 addEventListener和setTimeout方式中的漏洞可能允许攻击者破坏浏览器的同源策略向其他站点注入脚本，访问或修改该站点的保密或敏感数据。攻击者可以使用文档外的元素调用事件处理器，这可能导致以chrome权限执行任意代码。攻击者可以修改XPCNativeWrapper，导致浏览器之后的访问会执行用户所提供的代码。 Mozilla Firefox < 2.0.0.5 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5" target="_blank">ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.5</a>
id	SSV:2020
last seen	2017-11-19
modified	2007-07-19
published	2007-07-19
reporter	Root
title	Mozilla Firefox 2.0.0.4多个远程安全漏洞

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Seebug

References