Vulnerabilities > CVE-2008-5510 - Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-11490.NASL description Update to new upstream release 1.1.14 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38006 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38006 title Fedora 10 : seamonkey-1.1.14-1.fc10 (2008-11490) NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-081218.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40308 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40308 title openSUSE Security Update : seamonkey (seamonkey-380) NASL family Windows NASL id MOZILLA_THUNDERBIRD_20019.NASL description The installed version of Thunderbird is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2008-60) - XBL bindings can be used to read data from other domains. (MFSA 2008-61) - Sensitive data could be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64) - A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL, which redirects to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 2008-65) - Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66) - An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67) - XSS and JavaScript privilege escalation are possible. (MFSA 2008-68) last seen 2020-06-01 modified 2020-06-02 plugin id 35287 published 2009-01-02 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35287 title Mozilla Thunderbird < 2.0.0.19 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLATHUNDERBIRD-090108.NASL description The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 39895 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39895 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-401) NASL family SuSE Local Security Checks NASL id SUSE9_12326.NASL description The Mozilla Browser received backports for security problems in 1.8.1.14. The following security issues were fixed : - Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. (MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511) - Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 41265 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41265 title SuSE9 Security Update : Epiphany (YOU Patch Number 12326) NASL family Scientific Linux Local Security Checks NASL id SL_20081216_FIREFOX_ON_SL4_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 60506 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60506 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-690-1.NASL description Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502) It was discovered that Firefox did not properly handle persistent cookie data. If a user were tricked into opening a malicious website, an attacker could write persistent data in the user last seen 2020-06-01 modified 2020-06-02 plugin id 36262 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36262 title Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-690-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-081218.NASL description The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser last seen 2020-06-01 modified 2020-06-02 plugin id 39885 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39885 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-381) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-717-3.NASL description Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. (CVE-2008-5510) Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information. (CVE-2009-0357). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65114 published 2013-03-09 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65114 title Ubuntu 6.06 LTS : firefox vulnerabilities (USN-717-3) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11551.NASL description Update to the new upstream Firefox release 2.0.0.19 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox20.html#firefox2.0.0.19 This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35233 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35233 title Fedora 8 : Miro-1.2.7-3.fc8 / blam-1.8.3-20.fc8 / cairo-dock-1.6.3.1-1.fc8.2 / chmsee-1.0.0-6.31.fc8 / etc (2008-11551) NASL family SuSE Local Security Checks NASL id SUSE_EPIPHANY-5889.NASL description The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : - Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. (MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511) - Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 41504 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41504 title SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889) NASL family Windows NASL id SEAMONKEY_1114.NASL description The installed version of SeaMonkey is earlier than 1.1.14. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - XBL bindings can be used to read data from other domains. (MFSA 2008-61) - Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64) - A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. (MFSA 2008-65) - Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66) - An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67) - XSS and JavaScript privilege escalation are possible. (MFSA 2008-68) last seen 2020-06-01 modified 2020-06-02 plugin id 35220 published 2008-12-17 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35220 title SeaMonkey < 1.1.14 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2008-11511.NASL description Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.5 This update also contains new builds of all applications depending on Gecko libraries, built against new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37149 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37149 title Fedora 10 : Miro-1.2.7-3.fc10 / blam-1.8.5-5.fc10 / devhelp-0.22-2.fc10 / epiphany-2.24.1-3.fc10 / etc (2008-11511) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-690-2.NASL description Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500) Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An attacker could exploit this to read data from other domains. (CVE-2008-5503) Several problems were discovered in the JavaScript engine. An attacker could exploit feed preview vulnerabilities to execute scripts from page content with chrome privileges. (CVE-2008-5504) Marius Schilder discovered that Firefox did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. It last seen 2020-06-01 modified 2020-06-02 plugin id 36225 published 2009-04-23 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36225 title Ubuntu 7.10 : firefox vulnerabilities (USN-690-2) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-1036.NASL description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 43721 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43721 title CentOS 4 / 5 : firefox (CESA-2008:1036) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1707.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) - CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) - CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. (MFSA 2008-62) - CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) - CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) - CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) - CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms (MFSA 2008-67) - CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an last seen 2020-06-01 modified 2020-06-02 plugin id 35384 published 2009-01-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35384 title Debian DSA-1707-1 : iceweasel - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-090108.NASL description The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40175 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40175 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-401) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER181-5881.NASL description The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 35307 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35307 title openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5881) NASL family Windows NASL id MOZILLA_FIREFOX_20019.NASL description The installed version of Firefox is earlier than 2.0.0.19. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - XBL bindings can be used to read data from other domains. (MFSA 2008-61) - The feed preview still allows for JavaScript privilege escalation. (MFSA 2008-62) - Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64) - A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. (MFSA 2008-65) - Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66) - An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67) - Cross-site scripting and JavaScript privilege escalation are possible. (MFSA 2008-68) - Cross-site scripting vulnerabilities in SessionStore may allow for violating the browser last seen 2020-06-01 modified 2020-06-02 plugin id 35218 published 2008-12-17 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35218 title Firefox < 2.0.0.19 / 3.0.5 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER181-081219.NASL description The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40278 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40278 title openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLA-XULRUNNER190-081218.NASL description The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40075 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40075 title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382) NASL family Windows NASL id MOZILLA_FIREFOX_305.NASL description The installed version of Firefox 3.0 is earlier than 3.0.5. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - The last seen 2020-06-01 modified 2020-06-02 plugin id 35219 published 2008-12-17 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35219 title Firefox 3.0.x < 3.0.5 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-1036.NASL description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 35191 published 2008-12-17 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35191 title RHEL 4 / 5 : firefox (RHSA-2008:1036) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLA-XULRUNNER181-081218.NASL description The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40073 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40073 title openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5890.NASL description The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : - Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser last seen 2020-06-01 modified 2020-06-02 plugin id 41466 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41466 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5890) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-701-1.NASL description Several flaws were discovered in the browser engine. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. (CVE-2008-5500) Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had JavaScript enabled, an attacker could exploit this to read data from other domains. (CVE-2008-5503) Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When JavaScript is enabled, it last seen 2020-06-01 modified 2020-06-02 plugin id 37974 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37974 title Ubuntu 7.10 / 8.04 LTS / 8.10 : thunderbird vulnerabilities (USN-701-1) NASL family SuSE Local Security Checks NASL id SUSE_SEAMONKEY-5880.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 35250 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35250 title openSUSE 10 Security Update : seamonkey (seamonkey-5880) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-081218.NASL description The Mozilla Firefox browser was updated to version 3.0.5, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser last seen 2020-06-01 modified 2020-06-02 plugin id 40168 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40168 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-381) NASL family SuSE Local Security Checks NASL id SUSE_11_0_SEAMONKEY-081218.NASL description The Mozilla SeaMonkey browser suite was updated to version 1.1.14. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40132 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40132 title openSUSE Security Update : seamonkey (seamonkey-380) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-245.NASL description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). This update provides the latest Mozilla Firefox 3.x to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36473 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36473 title Mandriva Linux Security Advisory : firefox (MDVSA-2008:245) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-012.NASL description A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512). This update provides the latest Thunderbird to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36513 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36513 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:012) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-5885.NASL description The Mozilla Firefox browser was updated to version 2.0.0.19, fixing various security issues and stability problems. The following security issues were fixed : MFSA 2008-69 / CVE-2008-5513: Mozilla security researcher moz_bug_r_a4 reported vulnerabilities in the session-restore feature by which content could be injected into an incorrect document storage location, including storage locations for other domains. An attacker could utilize these issues to violate the browser last seen 2020-06-01 modified 2020-06-02 plugin id 35303 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35303 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5885) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11598.NASL description Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.5 This update also contains new builds of all applications depending on Gecko libraries, built against thenew version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35238 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35238 title Fedora 9 : Miro-1.2.7-3.fc9 / blam-1.8.5-4.fc9.1 / cairo-dock-1.6.3.1-1.fc9.2 / chmsee-1.0.1-7.fc9 / etc (2008-11598) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11534.NASL description Update to new upstream release 1.1.14 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35230 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35230 title Fedora 8 : seamonkey-1.1.14-1.fc8 (2008-11534) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-244.NASL description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 2.x, version 2.0.0.19 (CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513). This update provides the latest Mozilla Firefox 2.x to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36462 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36462 title Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:244) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_29F5BFC5CE0411DDA7210030843D3802.NASL description The Mozilla Foundation reports : MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domain data theft via script redirect error message MFSA 2008-64 XMLHttpRequest 302 response disclosure MFSA 2008-62 Additional XSS attack vectors in feed preview MFSA 2008-61 Information stealing via loadBindingDocument MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) last seen 2020-06-01 modified 2020-06-02 plugin id 35241 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35241 title FreeBSD : mozilla -- multiple vulnerabilities (29f5bfc5-ce04-11dd-a721-0030843d3802) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-XULRUNNER190-081218.NASL description The Mozilla XULRunner engine was updated to version 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 40279 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40279 title openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-382) NASL family Fedora Local Security Checks NASL id FEDORA_2008-11586.NASL description Update to new upstream release 1.1.14 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35237 published 2008-12-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35237 title Fedora 9 : seamonkey-1.1.14-1.fc9 (2008-11586) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLATHUNDERBIRD-5900.NASL description The Mozilla Thunderbird E-Mail client was updated to version 2.0.0.19. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher moz_bug_r_a4 reported that an XBL binding, when attached to an unloaded document, can be used to violate the same-origin policy and execute arbitrary JavaScript within the context of a different website. moz_bug_r_a4 also reported two vulnerabilities by which page content can pollute XPCNativeWrappers and run arbitary JavaScript with chrome priviliges. Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Workaround Disable JavaScript until a version containing these fixes can be installed. MFSA 2008-67 / CVE-2008-5510: Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form last seen 2020-06-01 modified 2020-06-02 plugin id 35325 published 2009-01-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35325 title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5900) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-1036.NASL description From Red Hat Security Advisory 2008:1036 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507) A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A website could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 67777 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67777 title Oracle Linux 4 / 5 : firefox (ELSA-2008-1036) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-690-3.NASL description Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2008-5500) Boris Zbarsky discovered that the same-origin check in Firefox could be bypassed by utilizing XBL-bindings. An attacker could exploit this to read data from other domains. (CVE-2008-5503) Marius Schilder discovered that Firefox did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. It last seen 2020-06-01 modified 2020-06-02 plugin id 65111 published 2013-03-09 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65111 title Ubuntu 6.06 LTS : firefox vulnerabilities (USN-690-3)
Oval
| accepted | 2013-04-29T04:21:09.142-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:9662 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | ||||||||||||||||||||||||
| version | 27 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://secunia.com/advisories/33184
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33204
- http://secunia.com/advisories/33205
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/33231
- http://secunia.com/advisories/33408
- http://secunia.com/advisories/33523
- http://secunia.com/advisories/34501
- http://secunia.com/advisories/35080
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
- http://www.debian.org/security/2009/dsa-1707
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
- http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021425
- http://www.ubuntu.com/usn/usn-690-2
- http://www.ubuntu.com/usn/usn-701-1
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=228856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662
- https://usn.ubuntu.com/690-1/