Vulnerabilities > CVE-2008-5016 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5826.NASL description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 41465 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41465 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0977.NASL description From Red Hat Security Advisory 2008:0977 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67765 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67765 title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-5815.NASL description This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 34961 published 2008-11-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34961 title openSUSE 10 Security Update : seamonkey (seamonkey-5815) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLATHUNDERBIRD-5825.NASL description This update brings the Mozilla Thunderbird E-Mail program to version 2.0.0.18. It fixes following security problems : CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to last seen 2020-06-01 modified 2020-06-02 plugin id 34958 published 2008-11-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34958 title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5825) NASL family SuSE Local Security Checks NASL id SUSE_11_0_SEAMONKEY-081122.NASL description This update brings the Mozilla SeaMonkey browser to version 1.1.13. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 40131 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40131 title openSUSE Security Update : seamonkey (seamonkey-326) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5812.NASL description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 34957 published 2008-11-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34957 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812) NASL family Scientific Linux Local Security Checks NASL id SL_20081112_FIREFOX_ON_SL4_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 60494 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60494 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0976.NASL description From Red Hat Security Advisory 2008:0976 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024) All Thunderbird users should upgrade to these updated packages, which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67764 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67764 title Oracle Linux 4 : thunderbird (ELSA-2008-0976) NASL family Windows NASL id SEAMONKEY_1113.NASL description The installed version of SeaMonkey is earlier than 1.1.13. Such versions are potentially affected by the following security issues : - Locally saved last seen 2020-06-01 modified 2020-06-02 plugin id 34768 published 2008-11-13 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34768 title SeaMonkey < 1.1.13 Multiple Vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20081112_SEAMONKEY_ON_SL3_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) last seen 2020-06-01 modified 2020-06-02 plugin id 60495 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60495 title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0977.NASL description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34763 published 2008-11-13 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34763 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9667.NASL description Updated firefox and xulrunner packages that fix various security issues are now available for Fedora Core 8. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 34777 published 2008-11-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34777 title Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F29FEA8FB19F11DDA55E00163E000016.NASL description The Mozilla Foundation reports : MFSA 2008-58 Parsing error in E4X default namespace MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation MFSA 2008-55 Crash and remote code execution in nsFrameManager MFSA 2008-54 Buffer overflow in http-index-format parser MFSA 2008-53 XSS and JavaScript privilege escalation via session restore MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18) MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome MFSA 2008-50 Crash and remote code execution via __proto__ tampering MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading MFSA 2008-48 Image stealing via canvas and HTTP redirect MFSA 2008-47 Information stealing via local shortcut files MFSA 2008-46 Heap overflow when canceling newsgroup message MFSA 2008-44 resource: traversal vulnerabilities MFSA 2008-43 BOM characters stripped from JavaScript before execution MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17) MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation MFSA 2008-37 UTF-8 URL stack-based buffer overflow last seen 2020-06-01 modified 2020-06-02 plugin id 34771 published 2008-11-14 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34771 title FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0976.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024) All Thunderbird users should upgrade to these updated packages, which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43714 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43714 title CentOS 4 / 5 : thunderbird (CESA-2008:0976) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-081124.NASL description This update brings the Mozilla Firefox browser to version 3.0.4. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49 : Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 39884 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39884 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-334) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5786.NASL description This update brings the Mozilla Firefox browser to version 2.0.0.18. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 34941 published 2008-11-24 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34941 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0978.NASL description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 43715 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43715 title CentOS 4 / 5 : firefox (CESA-2008:0978) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-230.NASL description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.4 (CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024). This update provides the latest Mozilla Firefox 3.x to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37572 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37572 title Mandriva Linux Security Advisory : firefox (MDVSA-2008:230) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-235.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18 (CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5052). This update provides the latest Thunderbird to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37099 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37099 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:235) NASL family Windows NASL id MOZILLA_FIREFOX_304.NASL description The installed version of Firefox 3.0 is earlier than 3.0.4. Such versions are potentially affected by the following security issues : - Locally saved last seen 2020-06-01 modified 2020-06-02 plugin id 34767 published 2008-11-13 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34767 title Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_20018.NASL description The installed version of Thunderbird is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48) - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non- native object, leading to a crash and possible code execution. (MFSA 2008-50) - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2008-52) - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55) - The same-origin check in last seen 2020-06-01 modified 2020-06-02 plugin id 34819 published 2008-11-20 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34819 title Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0978.NASL description From Red Hat Security Advisory 2008:0978 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 67766 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67766 title Oracle Linux 5 : firefox (ELSA-2008-0978) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLA-XULRUNNER181-081122.NASL description This update backports security fixes to the Mozilla XULRunner engine. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 40072 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40072 title openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0978.NASL description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 34764 published 2008-11-13 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34764 title RHEL 4 / 5 : firefox (RHSA-2008:0978) NASL family SuSE Local Security Checks NASL id SUSE_GECKO-SDK-5813.NASL description This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 41511 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41511 title SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER181-5820.NASL description This update backports security fixes to the Mozilla XULRunner engine. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54: The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5013 / MFSA 2008-49: Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 34960 published 2008-11-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34960 title openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820) NASL family Windows NASL id MOZILLA_FIREFOX_20018.NASL description The installed version of Firefox is earlier than 2.0.0.18. Such versions are potentially affected by the following security issues : - Locally saved last seen 2020-06-01 modified 2020-06-02 plugin id 34766 published 2008-11-13 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34766 title Firefox < 2.0.0.18 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2008-9901.NASL description This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories: http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.18 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37735 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37735 title Fedora 10 : thunderbird-2.0.0.18-1.fc10 (2008-9901) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9669.NASL description Updated firefox and xulrunner packages that fix various security issues are now available for Fedora Core 9. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened last seen 2020-06-01 modified 2020-06-02 plugin id 34778 published 2008-11-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34778 title Fedora 9 : Miro-1.2.7-2.fc9 / cairo-dock-1.6.3.1-1.fc9.1 / chmsee-1.0.1-6.fc9 / devhelp-0.19.1-6.fc9 / etc (2008-9669) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0976.NASL description Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024) All Thunderbird users should upgrade to these updated packages, which resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34842 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34842 title RHEL 4 / 5 : thunderbird (RHSA-2008:0976) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0977.NASL description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36485 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36485 title CentOS 3 / 4 : seamonkey (CESA-2008:0977) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9807.NASL description This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories: http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.17 http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.18 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34836 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34836 title Fedora 8 : thunderbird-2.0.0.18-1.fc8 (2008-9807) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-667-1.NASL description Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. If a user were tricked into downloading a crafted .url file and a crafted HTML file, an attacker could steal information from the user last seen 2020-06-01 modified 2020-06-02 plugin id 36711 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36711 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLATHUNDERBIRD-081124.NASL description This update brings the Mozilla Thunderbird E-Mail program to version 2.0.0.18. It fixes following security problems : CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. CVE-2008-5014 / MFSA 2008-50 jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. CVE-2008-5016 / MFSA 2008-52 : The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to last seen 2020-06-01 modified 2020-06-02 plugin id 39894 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39894 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-333) NASL family Scientific Linux Local Security Checks NASL id SL_20081119_THUNDERBIRD_ON_SL4_X.NASL description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024) last seen 2020-06-01 modified 2020-06-02 plugin id 60498 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60498 title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_GECKO-SDK-5811.NASL description This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. (CVE-2008-0017 / MFSA 2008-54) - Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. (CVE-2008-5012 / MFSA 2008-48) - Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that last seen 2020-06-01 modified 2020-06-02 plugin id 34967 published 2008-11-26 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34967 title SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-668-1.NASL description Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user last seen 2020-06-01 modified 2020-06-02 plugin id 37649 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37649 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1) NASL family Fedora Local Security Checks NASL id FEDORA_2008-9859.NASL description This update update upgrades thunderbird packages to upstream version 2.0.0.18, which fixes multiple security issues detailed in upstream security advisories: http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.17 http://www.mozilla.org/security/known- vulnerabilities/thunderbird20.html#thunderbird2.0.0.18 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34837 published 2008-11-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34837 title Fedora 9 : thunderbird-2.0.0.18-1.fc9 (2008-9859)
Oval
| accepted | 2013-04-29T04:13:29.630-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11356 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. | ||||||||||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
- http://www.securityfocus.com/bid/32281
- http://secunia.com/advisories/32721
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
- http://www.us-cert.gov/cas/techalerts/TA08-319A.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
- http://www.redhat.com/support/errata/RHSA-2008-0978.html
- http://secunia.com/advisories/32695
- http://secunia.com/advisories/32694
- http://www.redhat.com/support/errata/RHSA-2008-0977.html
- http://www.vupen.com/english/advisories/2009/0977
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.securitytracker.com/id?1021183
- http://www.vupen.com/english/advisories/2008/3146
- http://secunia.com/advisories/32798
- http://secunia.com/advisories/32684
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
- http://secunia.com/advisories/32713
- http://ubuntu.com/usn/usn-667-1
- http://www.redhat.com/support/errata/RHSA-2008-0976.html
- https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
- http://secunia.com/advisories/32778
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11356
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=439206%2C453406%2C458637%2C444864%2C452157%2C449111%2C444260%2C457375%2C433429%2C443528%2C430394