Vulnerabilities > CVE-2009-0352 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
mozilla
CWE-399
critical
nessus

Summary

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.

Vulnerable Configurations

Part Description Count
Application
Mozilla
105

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1830.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) - CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) - CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) - CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15) - CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) - CVE-2009-0772 The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) - CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) - CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) - CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) - CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) - CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) - CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) - CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving
    last seen2020-06-01
    modified2020-06-02
    plugin id44695
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44695
    titleDebian DSA-1830-1 : icedove - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3161.NASL
    descriptionhttp://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37911
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37911
    titleFedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)
  • NASL familyWindows
    NASL idSEAMONKEY_1115.NASL
    descriptionThe installed version of SeaMonkey is earlier than 1.1.15. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2009-01) - Cookies marked HTTPOnly are readable by JavaScript via the
    last seen2020-06-01
    modified2020-06-02
    plugin id35978
    published2009-03-20
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35978
    titleSeaMonkey < 1.1.15 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6187.NASL
    descriptionThe Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774) - Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. (MFSA 2009-09 / CVE-2009-0776) - Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id41467
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/41467
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0258.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id38891
    published2009-05-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38891
    titleCentOS 4 / 5 : thunderbird (CESA-2009:0258)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0258.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id36014
    published2009-03-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36014
    titleRHEL 4 / 5 : thunderbird (RHSA-2009:0258)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_SEAMONKEY-090617.NASL
    descriptionThe Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id40133
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40133
    titleopenSUSE Security Update : seamonkey (seamonkey-1014)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-083.NASL
    descriptionA number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. (bug #46107) This update also fixes those issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36318
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36318
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8B491182F84211DD94D90030843D3802.NASL
    descriptionMozilla Foundation reports : MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL method and window.eval MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)
    last seen2020-06-01
    modified2020-06-02
    plugin id35640
    published2009-02-12
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35640
    titleFreeBSD : firefox -- multiple vulnerabilities (8b491182-f842-11dd-94d9-0030843d3802)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-1399.NASL
    descriptionUpdate to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.6 This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35604
    published2009-02-06
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35604
    titleFedora 9 : Miro-1.2.7-4.fc9 / blam-1.8.5-5.fc9.1 / cairo-dock-1.6.3.1-1.fc9.3 / chmsee-1.0.1-8.fc9 / etc (2009-1399)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-044.NASL
    descriptionSecurity vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358). This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring.
    last seen2020-06-01
    modified2020-06-02
    plugin id37673
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37673
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:044)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3101.NASL
    descriptionhttp://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36054
    published2009-03-31
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36054
    titleFedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2884.NASL
    descriptionSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35984
    published2009-03-22
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35984
    titleFedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-1398.NASL
    descriptionUpdate to the new upstream Firefox 3.0.6 / XULRunner 1.9.0.6 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.6 This update also contains new builds of all applications depending on Gecko libraries, built against the new version, including the latest google gadgets upstream release. See http://code.google.com/p/google-gadgets-for- linux/source/browse/trunk/ChangeLog?spec=svn1087&r=1087 for details. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37378
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37378
    titleFedora 10 : Miro-1.2.8-2.fc10 / blam-1.8.5-6.fc10 / devhelp-0.22-3.fc10 / epiphany-2.24.3-2.fc10 / etc (2009-1398)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090204_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0356) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0354, CVE-2009-0355) A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) A flaw was found in the way Firefox treated certain HTTP page caching directives. A local attacker could steal the contents of sensitive pages which the page author did not intend to be cached. (CVE-2009-0358) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60527
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60527
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090324_THUNDERBIRD_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60553
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60553
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-083-02.NASL
    descriptionNew seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36010
    published2009-03-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36010
    titleSlackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-717-1.NASL
    descriptionSeveral flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. (CVE-2009-0352, CVE-2009-0353) A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy in Firefox by utilizing a chrome XBL method and execute arbitrary JavaScript within the context of another website. (CVE-2009-0354) A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id37217
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37217
    titleUbuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-6310.NASL
    descriptionThe Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id39462
    published2009-06-19
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39462
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-6310)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_20021.NASL
    descriptionThe installed version of Thunderbird is earlier than 2.0.0.21. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2009-01) - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - It might be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09) - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10) - A URI-spoofing vulnerability exists because the application fails to adequately handle specific characters in IDN subdomains. (MFSA 2009-15)
    last seen2020-06-01
    modified2020-06-02
    plugin id35977
    published2009-03-20
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35977
    titleMozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2882.NASL
    descriptionSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36827
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36827
    titleFedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-090206.NASL
    descriptionThe Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-02 / CVE-2009-0354: Mozilla security researcher moz_bug_r_a4 reported that a chrome XBL method can be used in conjuction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy. Firefox 2 releases are not affected. MFSA 2009-03 / CVE-2009-0355: Mozilla security researcher moz_bug_r_a4 reported that a form input control
    last seen2020-06-01
    modified2020-06-02
    plugin id39886
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39886
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-509)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0258.NASL
    descriptionFrom Red Hat Security Advisory 2009:0258 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67797
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67797
    titleOracle Linux 4 : thunderbird (ELSA-2009-0258)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0257.NASL
    descriptionUpdated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0352, CVE-2009-0353) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into uploading a local file. (CVE-2009-0355) A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35586
    published2009-02-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35586
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0257)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0256.NASL
    descriptionAn updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0356) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0354, CVE-2009-0355) A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) A flaw was found in the way Firefox treated certain HTTP page caching directives. A local attacker could steal the contents of sensitive pages which the page author did not intend to be cached. (CVE-2009-0358) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.6. You can find a link to the Mozilla advisories in the References section. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35590
    published2009-02-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35590
    titleCentOS 4 / 5 : firefox (CESA-2009:0256)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0256.NASL
    descriptionAn updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0356) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0354, CVE-2009-0355) A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) A flaw was found in the way Firefox treated certain HTTP page caching directives. A local attacker could steal the contents of sensitive pages which the page author did not intend to be cached. (CVE-2009-0358) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.6. You can find a link to the Mozilla advisories in the References section. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35585
    published2009-02-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35585
    titleRHEL 4 / 5 : firefox (RHSA-2009:0256)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090204_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0352, CVE-2009-0353) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into uploading a local file. (CVE-2009-0355) A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60528
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60528
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0256.NASL
    descriptionFrom Red Hat Security Advisory 2009:0256 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0356) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0354, CVE-2009-0355) A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) A flaw was found in the way Firefox treated certain HTTP page caching directives. A local attacker could steal the contents of sensitive pages which the page author did not intend to be cached. (CVE-2009-0358) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.6. You can find a link to the Mozilla advisories in the References section. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67795
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67795
    titleOracle Linux 4 / 5 : firefox (ELSA-2009-0256)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-090206.NASL
    descriptionThe Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-02 / CVE-2009-0354: Mozilla security researcher moz_bug_r_a4 reported that a chrome XBL method can be used in conjuction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy. Firefox 2 releases are not affected. MFSA 2009-03 / CVE-2009-0355: Mozilla security researcher moz_bug_r_a4 reported that a form input control
    last seen2020-06-01
    modified2020-06-02
    plugin id40169
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40169
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-509)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-741-1.NASL
    descriptionSeveral flaws were discovered in the browser engine. If JavaScript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. (CVE-2009-0352) Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had JavaScript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0772, CVE-2009-0774) Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had JavaScript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37220
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37220
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-741-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_SEAMONKEY-090617.NASL
    descriptionThe Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id40309
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40309
    titleopenSUSE Security Update : seamonkey (seamonkey-1014)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6194.NASL
    descriptionThe Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. MFSA 2009-10 / CVE-2009-0040: Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id36199
    published2009-04-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36199
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_306.NASL
    descriptionThe installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2009-01) - A chrome XBL method can be used in conjunction with
    last seen2020-06-01
    modified2020-06-02
    plugin id35581
    published2009-02-04
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35581
    titleFirefox 3.0.x < 3.0.6 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0257.NASL
    descriptionUpdated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0352, CVE-2009-0353) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into uploading a local file. (CVE-2009-0355) A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35591
    published2009-02-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35591
    titleCentOS 3 / 4 : seamonkey (CESA-2009:0257)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0257.NASL
    descriptionFrom Red Hat Security Advisory 2009:0257 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0352, CVE-2009-0353) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into uploading a local file. (CVE-2009-0355) A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker able to execute arbitrary JavaScript on a target site using HTTPOnly cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67796
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67796
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2009-0257)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-083-03.NASL
    descriptionNew mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36011
    published2009-03-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36011
    titleSlackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)

Oval

accepted2013-04-29T04:07:52.549-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
familyunix
idoval:org.mitre.oval:def:10699
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
version27

Redhat

advisories
  • rhsa
    idRHSA-2009:0256
  • rhsa
    idRHSA-2009:0257
  • rhsa
    idRHSA-2009:0258
rpms
  • firefox-0:3.0.6-1.el4
  • firefox-0:3.0.6-1.el5
  • firefox-debuginfo-0:3.0.6-1.el4
  • firefox-debuginfo-0:3.0.6-1.el5
  • nss-0:3.12.2.0-3.el4
  • nss-0:3.12.2.0-4.el5
  • nss-debuginfo-0:3.12.2.0-3.el4
  • nss-debuginfo-0:3.12.2.0-4.el5
  • nss-devel-0:3.12.2.0-3.el4
  • nss-devel-0:3.12.2.0-4.el5
  • nss-pkcs11-devel-0:3.12.2.0-4.el5
  • nss-tools-0:3.12.2.0-3.el4
  • nss-tools-0:3.12.2.0-4.el5
  • xulrunner-0:1.9.0.6-1.el5
  • xulrunner-debuginfo-0:1.9.0.6-1.el5
  • xulrunner-devel-0:1.9.0.6-1.el5
  • xulrunner-devel-unstable-0:1.9.0.6-1.el5
  • seamonkey-0:1.0.9-0.27.el2
  • seamonkey-0:1.0.9-0.32.el3
  • seamonkey-0:1.0.9-35.el4
  • seamonkey-chat-0:1.0.9-0.27.el2
  • seamonkey-chat-0:1.0.9-0.32.el3
  • seamonkey-chat-0:1.0.9-35.el4
  • seamonkey-debuginfo-0:1.0.9-0.32.el3
  • seamonkey-debuginfo-0:1.0.9-35.el4
  • seamonkey-devel-0:1.0.9-0.27.el2
  • seamonkey-devel-0:1.0.9-0.32.el3
  • seamonkey-devel-0:1.0.9-35.el4
  • seamonkey-dom-inspector-0:1.0.9-0.27.el2
  • seamonkey-dom-inspector-0:1.0.9-0.32.el3
  • seamonkey-dom-inspector-0:1.0.9-35.el4
  • seamonkey-js-debugger-0:1.0.9-0.27.el2
  • seamonkey-js-debugger-0:1.0.9-0.32.el3
  • seamonkey-js-debugger-0:1.0.9-35.el4
  • seamonkey-mail-0:1.0.9-0.27.el2
  • seamonkey-mail-0:1.0.9-0.32.el3
  • seamonkey-mail-0:1.0.9-35.el4
  • seamonkey-nspr-0:1.0.9-0.27.el2
  • seamonkey-nspr-0:1.0.9-0.32.el3
  • seamonkey-nspr-devel-0:1.0.9-0.27.el2
  • seamonkey-nspr-devel-0:1.0.9-0.32.el3
  • seamonkey-nss-0:1.0.9-0.27.el2
  • seamonkey-nss-0:1.0.9-0.32.el3
  • seamonkey-nss-devel-0:1.0.9-0.27.el2
  • seamonkey-nss-devel-0:1.0.9-0.32.el3
  • thunderbird-0:1.5.0.12-19.el4
  • thunderbird-0:2.0.0.21-1.el5
  • thunderbird-debuginfo-0:1.5.0.12-19.el4
  • thunderbird-debuginfo-0:2.0.0.21-1.el5

References