Vulnerabilities > CVE-2007-3844 - Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

mozilla

nessus

exploit available

NVD

Published: 2007-08-08

Updated: 2018-10-15

Summary

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 2.0.0.5 Mozilla Seamonkey 1.1.3 Mozilla Thunderbird 2.0.0.5	3

Exploit-Db

description	Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability. CVE-2007-3844. Remote exploit for linux platform
id	EDB-ID:30439
last seen	2016-02-03
modified	2007-07-31
published	2007-07-31
reporter	moz_bug_r_a4
source	https://www.exploit-db.com/download/30439/
title	Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1345.NASL
description	Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844
last seen	2020-06-01
modified	2020-06-02
plugin id	25853
published	2007-08-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25853
title	Debian DSA-1345-1 : xulrunner - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1345. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(25853); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-3844", "CVE-2007-3845"); script_xref(name:"DSA", value:"1345"); script_name(english:"Debian DSA-1345-1 : xulrunner - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844 'moz_bug_r_a4' discovered that a regression in the handling of'about:blank' windows used by addons may lead to an attacker being able to modify the content of websites. - CVE-2007-3845 Jesper Johansson discovered that missing sanitising of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page. The oldstable distribution (sarge) doesn't include xulrunner." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3844" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3845" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1345" ); script_set_attribute( attribute:"solution", value: "Upgrade the xulrunner packages. For the stable distribution (etch) these problems have been fixed in version 1.8.0.13~pre070720-0etch3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libmozillainterfaces-java", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libmozjs0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnspr4-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libnss3-tools", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libsmjs1", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul-common", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul-dev", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"libxul0d-dbg", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"python-xpcom", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"spidermonkey-bin", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (deb_check(release:"4.0", prefix:"xulrunner-gnome-support", reference:"1.8.0.13~pre070720-0etch3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0981.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27542
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27542
title	CentOS 4 / 5 : thunderbird (CESA-2007:0981)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0981 and # CentOS Errata and Security Advisory 2007:0981 respectively. # include("compat.inc"); if (description) { script_id(27542); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2007-1095", "CVE-2007-2292", "CVE-2007-3511", "CVE-2007-3844", "CVE-2007-5334", "CVE-2007-5337", "CVE-2007-5338", "CVE-2007-5339", "CVE-2007-5340"); script_bugtraq_id(22688, 23668, 24725, 25142, 26132); script_xref(name:"RHSA", value:"2007:0981"); script_name(english:"CentOS 4 / 5 : thunderbird (CESA-2007:0981)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014307.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?089f3780" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014308.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?315f5abd" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014314.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac983987" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014315.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?04eabe0f" ); # https://lists.centos.org/pipermail/centos-announce/2007-October/014319.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?92aa20fb" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(16, 20, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/26"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(4\|5)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"thunderbird-1.5.0.12-0.5.el4.centos")) flag++; if (rpm_check(release:"CentOS-5", reference:"thunderbird-1.5.0.12-5.el5.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20071019_FIREFOX_ON_SL5_X.NASL
description	Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
last seen	2020-06-01
modified	2020-06-02
plugin id	60268
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60268
title	Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20071019_THUNDERBIRD_ON_SL5_X.NASL
description	Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
last seen	2020-06-01
modified	2020-06-02
plugin id	60270
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60270
title	Scientific Linux Security Update : thunderbird on SL5.x, SL4.x, SL3.x i386/x86_64

NASL family	Windows
NASL id	SEAMONKEY_114.NASL
description	The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	25842
published	2007-08-04
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25842
title	SeaMonkey < 1.1.4 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0980.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27569
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27569
title	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0980)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SEAMONKEY-4596.NASL
description	This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	27581
published	2007-10-26
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27581
title	openSUSE 10 Security Update : seamonkey (seamonkey-4596)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0979.NASL
description	Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27540
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27540
title	CentOS 4 / 5 : firefox (CESA-2007:0979)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-3431.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Fedora Core 7. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	28231
published	2007-11-16
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28231
title	Fedora 7 : thunderbird-2.0.0.9-1.fc7 (2007-3431)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0981.NASL
description	From Red Hat Security Advisory 2007:0981 : Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67593
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67593
title	Oracle Linux 4 : thunderbird (ELSA-2007-0981)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-152.NASL
description	A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.6. This update provides the latest Firefox to correct these issues. As well, it provides Firefox 2.0.0.6 for older products.
last seen	2020-06-01
modified	2020-06-02
plugin id	25836
published	2007-08-02
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25836
title	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:152)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0981.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27570
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27570
title	RHEL 4 / 5 : thunderbird (RHSA-2007:0981)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0980.NASL
description	From Red Hat Security Advisory 2007:0980 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67592
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67592
title	Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0980)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-047.NASL
description	A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	37880
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/37880
title	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:047)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2007-213-01.NASL
description	New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues. Note that Firefox 1.5.x has reached its EOL (end of life) and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox binaries, these packages should work equally well on earlier Slackware systems.
last seen	2020-06-01
modified	2020-06-02
plugin id	25831
published	2007-08-02
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25831
title	Slackware 11.0 / 12.0 : firefox (SSA:2007-213-01)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-2601.NASL
description	SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27780
published	2007-11-06
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27780
title	Fedora 7 : seamonkey-1.1.5-1.fc7 (2007-2601)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-4572.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	27528
published	2007-10-24
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27528
title	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4572)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200708-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities) Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the document (CVE-2007-3737), and a cross-site scripting (XSS) vulnerability (CVE-2007-3736). They also fixed a problem with promiscuous IFRAME access (CVE-2007-3089) and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects (CVE-2007-3656). Denials of Service involving corrupted memory were fixed in the browser engine (CVE-2007-3734) and the JavaScript engine (CVE-2007-3735). Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed (CVE-2007-3844). Impact : A remote attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to perform cross-site scripting attacks, which could result in the exposure of sensitive information such as login credentials. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	25888
published	2007-08-15
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25888
title	GLSA-200708-09 : Mozilla products: Multiple vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-503-1.NASL
description	Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	28107
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28107
title	Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20071019_SEAMONKEY_ON_SL4_X.NASL
description	Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)
last seen	2020-06-01
modified	2020-06-02
plugin id	60269
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60269
title	Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1344.NASL
description	Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844
last seen	2020-06-01
modified	2020-06-02
plugin id	25852
published	2007-08-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25852
title	Debian DSA-1344-1 : iceweasel - several vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SEAMONKEY-4594.NASL
description	This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	27573
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27573
title	openSUSE 10 Security Update : seamonkey (seamonkey-4594)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0980.NASL
description	Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way in which SeaMonkey processed certain malformed web content. A web page containing malicious content could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which SeaMonkey displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the SeaMonkey sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27541
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27541
title	CentOS 3 / 4 : seamonkey (CESA-2007:0980)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-3414.NASL
description	Updated thunderbird packages that fix several security bugs are now available for Fedora Core 8. This update has been rated as having moderate security impact by the Fedora Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	28230
published	2007-11-16
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/28230
title	Fedora 8 : thunderbird-2.0.0.9-1.fc8 (2007-3414)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1391.NASL
description	Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3734 Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson and Vladimir Sukhoy discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2007-3735 Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2007-3844
last seen	2020-06-01
modified	2020-06-02
plugin id	27546
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27546
title	Debian DSA-1391-1 : icedove - several vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1346.NASL
description	Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3844
last seen	2020-06-01
modified	2020-06-02
plugin id	25854
published	2007-08-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/25854
title	Debian DSA-1346-1 : iceape - several vulnerabilities

NASL family	Windows
NASL id	MOZILLA_THUNDERBIRD_2006.NASL
description	The installed version of Mozilla Thunderbird allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code, as well as privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	25837
published	2007-08-02
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25837
title	Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6 Multiple Vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-493-1.NASL
description	A flaw was discovered in handling of
last seen	2020-06-01
modified	2020-06-02
plugin id	28095
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/28095
title	Ubuntu 6.06 LTS / 6.10 / 7.04 : firefox vulnerabilities (USN-493-1)

NASL family	Windows
NASL id	MOZILLA_FIREFOX_2006.NASL
description	The installed version of Firefox allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user
last seen	2020-06-01
modified	2020-06-02
plugin id	25820
published	2007-07-31
reporter	This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25820
title	Firefox < 2.0.0.6 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0979.NASL
description	Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27568
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27568
title	RHEL 4 / 5 : firefox (RHSA-2007:0979)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E24797AF803D11DCB787003048705D5A.NASL
description	RedHat reports : Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)
last seen	2020-06-01
modified	2020-06-02
plugin id	27552
published	2007-10-25
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27552
title	FreeBSD : firefox -- OnUnload Javascript browser entrapment vulnerability (e24797af-803d-11dc-b787-003048705d5a)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2007-2795.NASL
description	SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. By leveraging browser flaws, users could be fooled into possibly surrendering sensitive information (CVE-2007-1095, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334). Malformed web content could result in the execution of arbitrary commands (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340). Digest Authentication requests can be used to conduct a response splitting attack (CVE-2007-2292). The sftp protocol handler could be used to view the contents of arbitrary local files (CVE-2007-5337). Users of SeaMonkey are advised to upgrade to these erratum packages, which contain patches that correct these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	27805
published	2007-11-07
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27805
title	Fedora 8 : seamonkey-1.1.5-2.fc8 (2007-2795)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-4570.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - Privilege escalation through chrome-loaded about:blank windows. (MFSA 2007-26 / CVE-2007-3844) Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	29362
published	2007-12-13
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/29362
title	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 4570)

NASL family	SuSE Local Security Checks
NASL id	SUSE_MOZILLAFIREFOX-4574.NASL
description	This update brings Mozilla Firefox to security update version 2.0.0.8 Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create
last seen	2020-06-01
modified	2020-06-02
plugin id	27529
published	2007-10-24
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/27529
title	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-4574)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0979.NASL
description	From Red Hat Security Advisory 2007:0979 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Firefox sftp protocol handler. A malicious web page could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Firefox generates a digest authentication request. If a user opened a specially crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) All users of Firefox are advised to upgrade to these updated packages, which contain backported patches that correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67591
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67591
title	Oracle Linux 4 / 5 : firefox (ELSA-2007-0979)

Oval

accepted

2013-04-29T04:19:45.581-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9493

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

: this issue is caused by a CVE-2007-3089 regression.

version

Redhat

advisories

rhsa
id RHSA-2007:0979
rhsa
id RHSA-2007:0980
rhsa
id RHSA-2007:0981

rpms

firefox-0:1.5.0.12-0.7.el4
firefox-0:1.5.0.12-6.el5
firefox-debuginfo-0:1.5.0.12-0.7.el4
firefox-debuginfo-0:1.5.0.12-6.el5
seamonkey-0:1.0.9-0.5.el3
seamonkey-0:1.0.9-0.6.el2
seamonkey-0:1.0.9-6.el4
seamonkey-chat-0:1.0.9-0.5.el3
seamonkey-chat-0:1.0.9-0.6.el2
seamonkey-chat-0:1.0.9-6.el4
seamonkey-debuginfo-0:1.0.9-0.5.el3
seamonkey-debuginfo-0:1.0.9-6.el4
seamonkey-devel-0:1.0.9-0.5.el3
seamonkey-devel-0:1.0.9-0.6.el2
seamonkey-devel-0:1.0.9-6.el4
seamonkey-dom-inspector-0:1.0.9-0.5.el3
seamonkey-dom-inspector-0:1.0.9-0.6.el2
seamonkey-dom-inspector-0:1.0.9-6.el4
seamonkey-js-debugger-0:1.0.9-0.5.el3
seamonkey-js-debugger-0:1.0.9-0.6.el2
seamonkey-js-debugger-0:1.0.9-6.el4
seamonkey-mail-0:1.0.9-0.5.el3
seamonkey-mail-0:1.0.9-0.6.el2
seamonkey-mail-0:1.0.9-6.el4
seamonkey-nspr-0:1.0.9-0.5.el3
seamonkey-nspr-0:1.0.9-0.6.el2
seamonkey-nspr-devel-0:1.0.9-0.5.el3
seamonkey-nspr-devel-0:1.0.9-0.6.el2
seamonkey-nss-0:1.0.9-0.5.el3
seamonkey-nss-0:1.0.9-0.6.el2
seamonkey-nss-devel-0:1.0.9-0.5.el3
seamonkey-nss-devel-0:1.0.9-0.6.el2
thunderbird-0:1.5.0.12-0.5.el4
thunderbird-0:1.5.0.12-5.el5
thunderbird-debuginfo-0:1.5.0.12-0.5.el4
thunderbird-debuginfo-0:1.5.0.12-5.el5

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 25142 CVE(CAN) ID: CVE-2007-3844 Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。 Firefox/Thunderbird/SeaMonkey在处理about:blank页面时存在漏洞，远程攻击者可能利用此漏洞在用户系统上执行任意命令。 window.open("about:blank"); content.location = "about:blank"; chrome通过以上方式所加载的about:blank拥有chrome权限。假设某一扩展从内容中收集URL，加载了about:blank（window.open("about:blank")或content.location = "about:blank"），然后通过URL生成链接并注入到about:blank文档中，则如果用户点击了所生成页面中的JavaScript:链接的话，就会以chrome权限运行脚本。 Mozilla Firefox 2.0.0.5 Mozilla Thunderbird 2.0.0.5 Mozilla SeaMonkey 1.1.3 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://www.mozilla.com/en-US/firefox/" target="_blank">http://www.mozilla.com/en-US/firefox/</a> <a href="http://www.mozilla.com/en-US/thunderbird/" target="_blank">http://www.mozilla.com/en-US/thunderbird/</a> <a href="http://www.mozilla.org/projects/seamonkey/" target="_blank">http://www.mozilla.org/projects/seamonkey/</a>
id	SSV:2069
last seen	2017-11-19
modified	2007-08-07
published	2007-08-07
reporter	Root
title	Firefox/Thunderbird/SeaMonkey Chrome加载about:blank窗口权限提升漏洞

Statements

contributor	Mark J Cox
lastmodified	2007-08-17
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Oval

Redhat

Seebug

Statements

References