Vulnerabilities > CVE-2009-0689 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | Mozilla
| 19 |
| OS | 10 | |
| OS | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description MATLAB R2009b 'dtoa' Implementation Memory Corruption Vulnerability. CVE-2009-0689. Dos exploit for linux platform id EDB-ID:33480 last seen 2016-02-03 modified 2010-01-08 published 2010-01-08 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/33480/ title MATLAB R2009b - 'dtoa' Implementation Memory Corruption Vulnerability description Mozilla Firefox 3.5.3 Floating Point Conversion Heap Overflow Vulnerability. CVE-2009-0689. Dos exploit for linux platform id EDB-ID:33312 last seen 2016-02-03 modified 2009-10-27 published 2009-10-27 reporter Alin Rad Pop source https://www.exploit-db.com/download/33312/ title Mozilla Firefox <= 3.5.3 - Floating Point Conversion Heap Overflow Vulnerability description Opera Web Browser 10.01 'dtoa()' Remote Code Execution Vulnerability. CVE-2009-0689. Remote exploits for multiple platform id EDB-ID:33363 last seen 2016-02-03 modified 2009-11-20 published 2009-11-20 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/33363/ title Opera Web Browser 10.01 - 'dtoa' Remote Code Execution Vulnerability description SeaMonkey 1.1.8 Remote Array Overrun. CVE-2009-0689. Dos exploit for bsd platform id EDB-ID:10185 last seen 2016-02-01 modified 2009-11-19 published 2009-11-19 reporter Maksymilian Arciemowicz and sp3x source https://www.exploit-db.com/download/10185/ title SeaMonkey 1.1.8 - Remote Array Overrun description Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability. CVE-2009-0689. Dos exploits for multiple platform id EDB-ID:33058 last seen 2016-02-03 modified 2009-05-26 published 2009-05-26 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/33058/ title Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability description KDE 4.3.3 KDELibs 'dtoa()' Remote Code Execution Vulnerability. CVE-2009-0689. Remote exploit for linux platform id EDB-ID:33364 last seen 2016-02-03 modified 2009-11-20 published 2009-11-20 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/33364/ title KDE 4.3.3 KDELibs 'dtoa' Remote Code Execution Vulnerability description Sunbird 0.9 Array Overrun (code execution) 0day. CVE-2009-0689. Remote exploit for windows platform id EDB-ID:10380 last seen 2016-02-01 modified 2009-12-11 published 2009-12-11 reporter Maksymilian Arciemowicz and sp3x source https://www.exploit-db.com/download/10380/ title Sunbird 0.9 - Array Overrun Code Execution 0day description K-Meleon 1.5.3 Remote Array Overrun. CVE-2009-0689. Dos exploit for bsd platform id EDB-ID:10186 last seen 2016-02-01 modified 2009-11-19 published 2009-11-19 reporter Maksymilian Arciemowicz and sp3x source https://www.exploit-db.com/download/10186/ title K-Meleon 1.5.3 - Remote Array Overrun description KDE KDELibs 4.3.3 Remote Array Overrun. CVE-2009-0689. Dos exploit for linux platform id EDB-ID:10184 last seen 2016-02-01 modified 2009-11-19 published 2009-11-19 reporter Maksymilian Arciemowicz and sp3x source https://www.exploit-db.com/download/10184/ title KDE KDELibs 4.3.3 - Remote Array Overrun description Opera 10.01 Remote Array Overrun. CVE-2009-0689. Dos exploit for bsd platform id EDB-ID:10187 last seen 2016-02-01 modified 2009-11-19 published 2009-11-19 reporter Maksymilian Arciemowicz and sp3x source https://www.exploit-db.com/download/10187/ title Opera 10.01 - Remote Array Overrun description Mac OS X 10.x 'libc/strtod(3)' Memory Corruption Vulnerability. CVE-2009-0689. Dos exploit for osx platform id EDB-ID:33479 last seen 2016-02-03 modified 2010-01-08 published 2010-01-08 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/33479/ title Mac OS X 10.x - 'libc/strtod3' Memory Corruption Vulnerability
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER190-6617.NASL description The Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 49897 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49897 title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(49897); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-0689", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383"); script_name(english:"SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft. A malicious web page could synthesize events such as mouse focus and key presses on behalf of the victim and trick the browser into auto-filling the form fields with history entries and then reading the entries. (MFSA 2009-52 / CVE-2009-3370) - Security researcher Jeremy Brown reported that the file naming scheme used for downloading a file which already exists in the downloads folder is predictable. If an attacker had local access to a victim's computer and knew the name of a file the victim intended to open through the Download Manager, he could use this vulnerability to place a malicious file in the world-writable directory used to save temporary downloaded files and cause the browser to choose the incorrect file when opening it. Since this attack requires local access to the victim's machine, the severity of this vulnerability was determined to be low. (MFSA 2009-53 / CVE-2009-3274) - Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer. (MFSA 2009-54 / CVE-2009-3371) - Security researcher Marco C. reported a flaw in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. In certain cases this flaw could be used by an attacker to crash a victim's browser and run arbitrary code on their computer. Since this vulnerability requires the victim to have PAC configured in their environment with specific regular expresssions which can trigger the crash, the severity of the issue was determined to be moderate. (MFSA 2009-55 / CVE-2009-3372) - Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer. (MFSA 2009-56 / CVE-2009-3373) - Mozilla security researcher moz_bug_r_a4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web content, potentially executing malicious JavaScript code with chrome privileges. (MFSA 2009-57 / CVE-2009-3374) - Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. (MFSA 2009-59 / CVE-2009-1563) - Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate. (MFSA 2009-61 / CVE-2009-3375) - Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file. (MFSA 2009-62 / CVE-2009-3376) - Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-64 / CVE-2009-3380 / CVE-2009-3381 / CVE-2009-3382 / CVE-2009-3383)" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-52.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-53.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-54.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-55.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-56.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-57.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-59.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-61.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-62.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/" ); # http://www.mozilla.org/security/announce/2009/mfsa2009-64.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1563.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3274.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3370.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3371.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3372.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3373.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3374.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3375.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3376.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3380.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3381.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3382.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-3383.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6617."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(16, 119, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/21"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-translations-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-translations-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.4.2")) flag++; if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.15-0.4.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_KDELIBS3-091202.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 43056 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43056 title SuSE 11 Security Update : kdelibs3 (SAT Patch Number 1639) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(43056); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-0689"); script_name(english:"SuSE 11 Security Update : kdelibs3 (SAT Patch Number 1639)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=557126" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0689.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1639."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdelibs3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdelibs3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdelibs3-default-style"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kdelibs3-default-style-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kdelibs3-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"kdelibs3-default-style-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kdelibs3-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"kdelibs3-default-style-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"kdelibs3-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"kdelibs3-default-style-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"kdelibs3-32bit-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"kdelibs3-default-style-32bit-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kdelibs3-32bit-3.5.10-23.27.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"kdelibs3-default-style-32bit-3.5.10-23.27.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Scientific Linux Local Security Checks NASL id SL_20091124_KDELIBS_ON_SL4_X.NASL description CVE-2009-0689 kdelibs remote array overrun A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60696 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60696 title Scientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60696); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:18"); script_cve_id("CVE-2009-0689"); script_name(english:"Scientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "CVE-2009-0689 kdelibs remote array overrun A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) The desktop must be restarted (log out, then log back in) for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=2933 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5c44d618" ); script_set_attribute( attribute:"solution", value: "Update the affected kdelibs, kdelibs-apidocs and / or kdelibs-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL4", reference:"kdelibs-3.3.1-17.el4_8.1")) flag++; if (rpm_check(release:"SL4", reference:"kdelibs-devel-3.3.1-17.el4_8.1")) flag++; if (rpm_check(release:"SL5", reference:"kdelibs-3.5.4-25.el5_4.1")) flag++; if (rpm_check(release:"SL5", reference:"kdelibs-apidocs-3.5.4-25.el5_4.1")) flag++; if (rpm_check(release:"SL5", reference:"kdelibs-devel-3.5.4-25.el5_4.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1531.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 42296 published 2009-10-29 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42296 title CentOS 3 / 4 : seamonkey (CESA-2009:1531) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1531 and # CentOS Errata and Security Advisory 2009:1531 respectively. # include("compat.inc"); if (description) { script_id(42296); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2009-0689", "CVE-2009-3274", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3384", "CVE-2009-3385"); script_xref(name:"RHSA", value:"2009:1531"); script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2009:1531)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2009-October/016202.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?764074b1" ); # https://lists.centos.org/pipermail/centos-announce/2009-October/016203.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9065c174" ); # https://lists.centos.org/pipermail/centos-announce/2009-October/016204.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?954a4b55" ); # https://lists.centos.org/pipermail/centos-announce/2009-October/016205.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?59331fd5" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(16, 119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/01"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-chat-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-mail-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nspr-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nspr-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nss-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nss-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nss-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.9-0.47.el3.centos3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-chat-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-devel-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-mail-1.0.9-50.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-50.el4.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_RUBY-131125.NASL description The following security issue has been fixed : - heap overflow in float point parsing. (CVE-2013-4164) last seen 2020-06-05 modified 2013-12-05 plugin id 71226 published 2013-12-05 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71226 title SuSE 11.2 / 11.3 Security Update : ruby (SAT Patch Numbers 8578 / 8579) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(71226); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2009-0689", "CVE-2013-4164"); script_name(english:"SuSE 11.2 / 11.3 Security Update : ruby (SAT Patch Numbers 8578 / 8579)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following security issue has been fixed : - heap overflow in float point parsing. (CVE-2013-4164)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851803" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0689.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4164.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 8578 / 8579 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-tk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ruby-doc-html-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ruby-tk-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"ruby-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"ruby-doc-html-1.8.7.p357-0.9.13.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"ruby-tk-1.8.7.p357-0.9.13.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0154.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 45093 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45093 title CentOS 4 : thunderbird (CESA-2010:0154) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2958-1.NASL description mono-core was updated to fix the following vulnerabilities : - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation. (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters. (bsc#739119) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95452 published 2016-12-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95452 title SUSE SLES11 Security Update : mono-core (SUSE-SU-2016:2958-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0311.NASL description Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 73085 published 2014-03-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73085 title CentOS 5 : php (CESA-2014:0311) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-853-1.NASL description Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1563) Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. (CVE-2009-3274) Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. (CVE-2009-3370) Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. (CVE-2009-3371) A flaw was discovered in the way Firefox processed Proxy Auto-configuration (PAC) files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3372) A heap-based buffer overflow was discovered in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42335 published 2009-11-02 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42335 title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-376.NASL description Mono last seen 2020-03-17 modified 2016-01-04 plugin id 87682 published 2016-01-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87682 title Debian DLA-376-1 : mono security update NASL family SuSE Local Security Checks NASL id SUSE_KDELIBS3-6692.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 49866 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49866 title SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 6692) NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPERA-091125.NASL description Opera was upgraded to version 10.10 to fix the following security bugs : - CVE-2009-0689: CVSS v2 Base Score: 6.8 A heap buffer overflow in string to number conversion. - Error messages could leak information. - Another, yet unspecified, vulnerability reported by Chris Evans. last seen 2020-06-01 modified 2020-06-02 plugin id 42927 published 2009-11-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42927 title openSUSE Security Update : opera (opera-1599) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1564.NASL description It was found that Mono’s string-to-double parser may crash, on specially crafted input. This could lead to arbitrary code execution. CVE-2018-1002208: Mono embeds the sharplibzip library which is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as last seen 2020-06-01 modified 2020-06-02 plugin id 118597 published 2018-11-02 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118597 title Debian DLA-1564-1 : mono security update NASL family Windows NASL id MOZILLA_THUNDERBIRD_20024.NASL description The installed version of Thunderbird is earlier than 2.0.0.24. Such versions are potentially affected by multiple vulnerabilities : - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49) - A heap-based buffer overflow exists in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 45110 published 2010-03-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45110 title Mozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1530.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 42287 published 2009-10-28 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42287 title RHEL 4 / 5 : firefox (RHSA-2009:1530) NASL family Scientific Linux Local Security Checks NASL id SL_20091027_SEAMONKEY_ON_SL3_X.NASL description A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60685 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60685 title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20140318_PHP_ON_SL5_X.NASL description A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-03-20 plugin id 73115 published 2014-03-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73115 title Scientific Linux Security Update : php on SL5.x i386/x86_64 (20140318) NASL family Windows NASL id SEAMONKEY_1119.NASL description The installed version of SeaMonkey is earlier than 1.1.19. Such versions are potentially affected by the following security issues : - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49) - A heap-based buffer overflow exists in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 45111 published 2010-03-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45111 title SeaMonkey < 1.1.19 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0153.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 63923 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63923 title RHEL 5 : thunderbird (RHSA-2010:0153) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-NSPR-6630.NASL description This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via JavaScript vectors. - Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42421 published 2009-11-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42421 title SuSE 10 Security Update : mozilla-nspr (ZYPP Patch Number 6630) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-071.NASL description Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689). Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075). Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077) Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates. last seen 2020-06-01 modified 2020-06-02 plugin id 45521 published 2010-04-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45521 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071) NASL family SuSE Local Security Checks NASL id SUSE9_12616.NASL description This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. The following security issues are fixed : - Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. (MFSA 2010-07) - Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) - Ludovic Hirlimann reported a crash indexing some messages with attachments. (CVE-2010-0163) - Carsten Book reported a crash in the JavaScript engine. (CVE-2009-3075) - Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) - monarch2000 reported an integer overflow in a base64 decoding function. (CVE-2009-2463) - Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 46685 published 2010-05-20 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46685 title SuSE9 Security Update : epiphany (YOU Patch Number 12616) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6609.NASL description The Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 49887 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49887 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609) NASL family SuSE Local Security Checks NASL id SUSE_KDELIBS3-6691.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 43057 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43057 title SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 6691) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-XULRUNNER190-6616.NASL description The Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42366 published 2009-11-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42366 title SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6616) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-NSPR-091103.NASL description This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via JavaScript vectors. - Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42420 published 2009-11-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42420 title SuSE 11 Security Update : Mozilla (SAT Patch Number 1503) NASL family Windows NASL id GOOGLE_CHROME_3_0_195_24.NASL description The version of Google Chrome installed on the remote host is earlier than 3.0.195.24. A boundary error in the dtoa() function can lead to a buffer overflow. A remote attacker could exploit this by tricking a user into visiting a malicious web page, which could result in arbitrary code execution within the Google Chrome sandbox. last seen 2020-06-01 modified 2020-06-02 plugin id 41958 published 2009-10-01 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41958 title Google Chrome < 3.0.195.24 dtoa Implementation Remote Overflow NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLAFIREFOX-091103.NASL description The Mozilla Firefox browser was updated to version 3.0.0.15 to fix various bugs and security issues. Following security issues have been fixed: MFSA 2009-52 / CVE-2009-3370: Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42388 published 2009-11-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42388 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-346.NASL description Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1 179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. last seen 2020-06-01 modified 2020-06-02 plugin id 43613 published 2009-12-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43613 title Mandriva Linux Security Advisory : kde (MDVSA-2009:346) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6431C4DBDEB411DE90780030843D3802.NASL description Opera Team reports : - Fixed a heap buffer overflow in string to number conversion - Fixed an issue where error messages could leak onto unrelated sites - Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date. last seen 2020-06-01 modified 2020-06-02 plugin id 42967 published 2009-12-02 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42967 title FreeBSD : opera -- multiple vulnerabilities (6431c4db-deb4-11de-9078-0030843d3802) NASL family SuSE Local Security Checks NASL id SUSE_11_1_SEAMONKEY-100430.NASL description This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 46687 published 2010-05-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46687 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0312.NASL description Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 and 5.6 Long Life, and Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79002 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79002 title RHEL 5 : php (RHSA-2014:0312) NASL family Scientific Linux Local Security Checks NASL id SL_20091027_FIREFOX_ON_SL4_X.NASL description A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60683 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60683 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0153.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 45361 published 2010-03-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45361 title CentOS 5 : thunderbird (CESA-2010:0153) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-027.NASL description Multiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a last seen 2020-06-01 modified 2020-06-02 plugin id 48170 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48170 title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10878.NASL description Update to new upstream Firefox version 3.5.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.4 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42297 published 2009-10-29 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42297 title Fedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878) NASL family Windows NASL id MOZILLA_FIREFOX_3015.NASL description The installed version of Firefox is earlier than 3.0.15. Such versions are potentially affected by the following security issues : - It may be possible for a malicious web page to steal form history. (MFSA 2009-52) - By predicting the filename of an already downloaded file in the downloads directory, a local attacker may be able to trick the browser into opening an incorrect file. (MFSA 2009-53) - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) - Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42305 published 2009-10-29 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42305 title Firefox < 3.0.15 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2015-6DEC4E6D5F.NASL description apply patch for security issue CVE-2009-0689 (#1293638) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89272 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89272 title Fedora 23 : mono-4.0.5-2.fc23 (2015-6dec4e6d5f) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1931.NASL description Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. - CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 44796 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44796 title Debian DSA-1931-1 : nspr - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-853-2.NASL description USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1563) Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. (CVE-2009-3274) Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. (CVE-2009-3370) Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. (CVE-2009-3371) A flaw was discovered in the way Firefox processed Proxy Auto-configuration (PAC) files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3372) A heap-based buffer overflow was discovered in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42474 published 2009-11-12 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42474 title Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-853-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1530.NASL description From Red Hat Security Advisory 2009:1530 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67948 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67948 title Oracle Linux 4 / 5 : firefox (ELSA-2009-1530) NASL family Fedora Local Security Checks NASL id FEDORA_2010-7100.NASL description Update to new upstream SeaMonkey version 1.1.19, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.19 CVE-2010-0161 CVE-2010-0163 CVE-2009-3075 CVE-2009-3072 CVE-2009-2463 CVE-2009-3385 CVE-2009-3983 CVE-2009-3376 CVE-2009-0689 CVE-2009-3077 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47453 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47453 title Fedora 11 : seamonkey-1.1.19-1.fc11 (2010-7100) NASL family SuSE Local Security Checks NASL id SUSE_11_0_OPERA-091125.NASL description Opera was upgraded to version 10.10 to fix the following security bugs : - CVE-2009-0689: CVSS v2 Base Score: 6.8 A heap buffer overflow in string to number conversion. - Error messages could leak information. - Another, yet unspecified, vulnerability reported by Chris Evans. last seen 2020-06-01 modified 2020-06-02 plugin id 42922 published 2009-11-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42922 title openSUSE Security Update : opera (opera-1599) NASL family Scientific Linux Local Security Checks NASL id SL_20100317_THUNDERBIRD_ON_SL4_X.NASL description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 60750 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60750 title Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0154.NASL description From Red Hat Security Advisory 2010:0154 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 68015 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68015 title Oracle Linux 4 : thunderbird (ELSA-2010-0154) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0311.NASL description Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 73091 published 2014-03-19 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73091 title RHEL 5 : php (RHSA-2014:0311) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_3.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products : - AFP Server - Apache - CoreAudio - CoreMedia - CoreTypes - CUPS - DesktopServices - Disk Images - Directory Services - Dovecot - Event Monitor - FreeRADIUS - FTP Server - iChat Server - ImageIO - Image RAW - Libsystem - Mail - MySQL - OS Services - Password Server - PHP - Podcast Producer - Preferences - PS Normalizer - QuickTime - Ruby - Server Admin - SMB - Tomcat - Wiki Server - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 45372 published 2010-03-29 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45372 title Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0001_REMOTE.NASL description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Network Security Services (NSS) - NetScape Portable Runtime (NSPR) last seen 2020-06-01 modified 2020-06-02 plugin id 89735 published 2016-03-08 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89735 title VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-091030.NASL description The Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42363 published 2009-11-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42363 title SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488) NASL family SuSE Local Security Checks NASL id SUSE_11_1_KDELIBS3-091202.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 43053 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43053 title openSUSE Security Update : kdelibs3 (kdelibs3-1648) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-294.NASL description Security issues were identified and fixed in firefox 3.5.x : Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 48157 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48157 title Mandriva Linux Security Advisory : firefox (MDVSA-2009:294) NASL family SuSE Local Security Checks NASL id SUSE9_12563.NASL description A faulty implementation of the dtoa() function can lead to a remotely exploitable array overrun in kdelibs3. This issue has been tracked as CVE-2009-0689. last seen 2020-06-01 modified 2020-06-02 plugin id 43379 published 2009-12-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43379 title SuSE9 Security Update : kdelibs3 (YOU Patch Number 12563) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10981.NASL description Update to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.15 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42383 published 2009-11-05 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42383 title Fedora 10 : Miro-2.0.5-5.fc10 / blam-1.8.5-15.fc10 / epiphany-2.24.3-11.fc10 / etc (2009-10981) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_56CFE192329F11DFABB2000F20797EDE.NASL description Mozilla Project reports : MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-49 TreeColumns dangling pointer vulnerability last seen 2020-06-01 modified 2020-06-02 plugin id 45114 published 2010-03-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45114 title FreeBSD : mozilla -- multiple vulnerabilities (56cfe192-329f-11df-abb2-000f20797ede) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2010-002.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar last seen 2020-06-01 modified 2020-06-02 plugin id 45373 published 2010-03-29 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45373 title Mac OS X Multiple Vulnerabilities (Security Update 2010-002) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLATHUNDERBIRD-100324.NASL description Mozilla Thunderbird was updated to 2.0.0.14 fixing several security issues and bugs. MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 45376 published 2010-03-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45376 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-915-1.NASL description Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075) Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3072) It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3077) Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. If a user were tricked into opening a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. (CVE-2009-3376) Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. If an NTLM authenticated user opened content containing links to a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. A remote attacker could send specially crafted content and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 45108 published 2010-03-19 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45108 title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : thunderbird vulnerabilities (USN-915-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1998.NASL description Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 44862 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44862 title Debian DSA-1998-1 : kdelibs - buffer overflow NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-6606.NASL description The Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42365 published 2009-11-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42365 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606) NASL family SuSE Local Security Checks NASL id SUSE_11_0_KDELIBS3-091202.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 43051 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43051 title openSUSE Security Update : kdelibs3 (kdelibs3-1648) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-028.NASL description Multiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \ last seen 2020-06-01 modified 2020-06-02 plugin id 48171 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48171 title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLA-XULRUNNER190-091030.NASL description The Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42364 published 2009-11-04 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42364 title SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 1493) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLA-NSPR-091104.NASL description This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via JavaScript vectors. MFSA 2009-59 / CVE-2009-1563: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42416 published 2009-11-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42416 title openSUSE Security Update : mozilla-nspr (mozilla-nspr-1510) NASL family Windows NASL id MOZILLA_FIREFOX_354.NASL description The installed version of Firefox 3.5 is earlier than 3.5.4. Such versions are potentially affected by the following security issues : - It may be possible for a malicious web page to steal form history. (MFSA 2009-52) - By predicting the filename of an already downloaded file in the downloads directory, a local attacker may be able to trick the browser into opening an incorrect file. (MFSA 2009-53) - Recursive creation of JavaScript web-workers could crash the browser or allow execution of arbitrary code on the remote system. (MFSA 2009-54) - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) - Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42306 published 2009-10-29 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42306 title Firefox 3.5.x < 3.5.4 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1601.NASL description Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 42890 published 2009-11-25 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42890 title RHEL 4 / 5 : kdelibs (RHSA-2009:1601) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4B3A7E70AFCE11E5B86414DAE9D210B8.NASL description NCC Group reports : An attacker who can cause a carefully-chosen string to be converted to a floating-point number can cause a crash and potentially induce arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 87693 published 2016-01-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87693 title FreeBSD : mono -- DoS and code execution (4b3a7e70-afce-11e5-b864-14dae9d210b8) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0311.NASL description From Red Hat Security Advisory 2014:0311 : Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 73089 published 2014-03-19 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73089 title Oracle Linux 5 : php (ELSA-2014-0311) NASL family SuSE Local Security Checks NASL id SUSE_11_1_OPERA-091125.NASL description Opera was upgraded to version 10.10 to fix the following security bugs : - CVE-2009-0689: CVSS v2 Base Score: 6.8 A heap buffer overflow in string to number conversion. - Error messages could leak information. - Another, yet unspecified, vulnerability reported by Chris Evans. last seen 2020-06-01 modified 2020-06-02 plugin id 42924 published 2009-11-30 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42924 title openSUSE Security Update : opera (opera-1599) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLA-NSPR-6631.NASL description This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via JavaScript vectors. - Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 49895 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49895 title SuSE 10 Security Update : mozilla-nspr (ZYPP Patch Number 6631) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL description Mozilla Thunderbird was updated to 2.0.0.14 fixing several security issues and bugs. MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 45375 published 2010-03-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45375 title openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1531.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 42288 published 2009-10-28 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42288 title RHEL 3 / 4 : seamonkey (RHSA-2009:1531) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLA-NSPR-091104.NASL description This update fixes a bug in the Mozilla NSPR helper libraries, which could be used by remote attackers to potentially execute code via JavaScript vectors. MFSA 2009-59 / CVE-2009-1563: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42418 published 2009-11-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42418 title openSUSE Security Update : mozilla-nspr (mozilla-nspr-1510) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-871-1.NASL description A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689) It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43109 published 2009-12-11 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43109 title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : kdelibs vulnerabilities (USN-871-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1530.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 42295 published 2009-10-29 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42295 title CentOS 4 : firefox (CESA-2009:1530) NASL family Windows NASL id OPERA_1010.NASL description The version of Opera installed on the remote host is earlier than 10.10. Such versions are potentially affected by multiple issues : - Error messages can leak onto unrelated sites which could lead to cross-site scripting attacks. (941) - Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. (942) - There is an as-yet unspecified moderately severe issue reported by Chris Evans of the Google Security Team. last seen 2020-06-01 modified 2020-06-02 plugin id 42892 published 2009-11-25 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42892 title Opera < 10.10 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-091102.NASL description The Mozilla Firefox browser was updated to version 3.0.0.15 to fix various bugs and security issues. Following security issues have been fixed: MFSA 2009-52 / CVE-2009-3370: Security researcher Paul Stone reported that a user last seen 2020-06-01 modified 2020-06-02 plugin id 42391 published 2009-11-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42391 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C87AA2D2C3C411DEAB08000F20797EDE.NASL description Mozilla Foundation reports : MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection() MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS() MFSA 2009-56 Heap buffer overflow in GIF color map parser MFSA 2009-55 Crash in proxy auto-configuration regexp parsing MFSA 2009-54 Crash with recursive web-worker calls MFSA 2009-53 Local downloaded file tampering MFSA 2009-52 Form history vulnerable to stealing last seen 2020-06-01 modified 2020-06-02 plugin id 42298 published 2009-10-29 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42298 title FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede) NASL family SuSE Local Security Checks NASL id SUSE_11_KDELIBS4-100107.NASL description A KDELibs Remote Array Overrun (Arbitrary code execution) was fixed. (CVE-2009-0689) last seen 2020-06-01 modified 2020-06-02 plugin id 43858 published 2010-01-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43858 title SuSE 11 Security Update : kdelibs4 (SAT Patch Number 1747) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0154.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user last seen 2020-06-01 modified 2020-06-02 plugin id 46271 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46271 title RHEL 4 : thunderbird (RHSA-2010:0154) NASL family SuSE Local Security Checks NASL id SUSE_11_0_SEAMONKEY-100430.NASL description This update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 46686 published 2010-05-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46686 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1601.NASL description From Red Hat Security Advisory 2009:1601 : Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67962 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67962 title Oracle Linux 4 / 5 : kdelibs (ELSA-2009-1601) NASL family SuSE Local Security Checks NASL id SUSE_11_2_KDELIBS3-091204.NASL description KDE KDELibs Remote Array Overrun (Arbitrary code execution), CVE-2009-0689 last seen 2020-06-01 modified 2020-06-02 plugin id 43055 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43055 title openSUSE Security Update : kdelibs3 (kdelibs3-1648) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0001.NASL description a. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43826 published 2010-01-08 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43826 title VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1531.NASL description From Red Hat Security Advisory 2009:1531 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67949 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67949 title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1531) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0257-1.NASL description mono-core was updated to fix the following vulnerabilities : - CVE-2009-0689: Remote attackers could cause a denial of service and possibly arbitrary code execution through the string-to-double parser implementation (bsc#958097) - CVE-2012-3543: Remote attackers could cause a denial of service through increased CPU consumption due to lack of protection against predictable hash collisions when processing form parameters (bsc#739119) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88454 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88454 title SUSE SLED11 / SLES11 Security Update : mono-core (SUSE-SU-2016:0257-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-290.NASL description Security issues were identified and fixed in firefox 3.0.x : Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 42992 published 2009-12-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42992 title Mandriva Linux Security Advisory : firefox (MDVSA-2009:290-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1601.NASL description Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67077 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67077 title CentOS 4 / 5 : kdelibs (CESA-2009:1601)
Oval
accepted 2014-10-06T04:04:13.052-04:00 class vulnerability contributors name Prabhu S A organization SecPod Technologies name Pai Peng organization Hewlett-Packard name Sergey Artykhov organization ALTX-SOFT name Sergey Artykhov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT name Evgeniy Pavlov organization ALTX-SOFT
definition_extensions comment Mozilla Firefox Mainline release is installed oval oval:org.mitre.oval:def:22259 description Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. family windows id oval:org.mitre.oval:def:6528 status accepted submitted 2009-11-04T12:10:11 title Mozilla Firefox Floating Point Memory Allocation Vulnerability version 25 accepted 2013-04-29T04:20:07.632-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description and a heap-based buffer overflow during conversion to a floating-point number. family unix id oval:org.mitre.oval:def:9541 status accepted submitted 2010-07-09T03:56:16-04:00 title buffer overflow during conversion to a floating-point number. version 27
Packetstorm
data source https://packetstormsecurity.com/files/download/84946/matlab-overrun.txt id PACKETSTORM:84946 last seen 2016-12-05 published 2010-01-09 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/84946/Matlab-R2009b-Array-Overrun.html title Matlab R2009b Array Overrun data source https://packetstormsecurity.com/files/download/83738/camino-overrun.txt id PACKETSTORM:83738 last seen 2016-12-05 published 2009-12-12 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/83738/Camino-1.6.10-Remote-Array-Overrun.html title Camino 1.6.10 Remote Array Overrun data source https://packetstormsecurity.com/files/download/82823/opera-overrun.txt id PACKETSTORM:82823 last seen 2016-12-05 published 2009-11-20 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/82823/Opera-10.01-Remote-Array-Overrun.html title Opera 10.01 Remote Array Overrun data source https://packetstormsecurity.com/files/download/83739/sunbird-overrun.txt id PACKETSTORM:83739 last seen 2016-12-05 published 2009-12-12 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/83739/Sunbird-0.9-Array-Overrun.html title Sunbird 0.9 Array Overrun data source https://packetstormsecurity.com/files/download/83740/thunderbird-overrun.txt id PACKETSTORM:83740 last seen 2016-12-05 published 2009-12-12 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/83740/Thunderbird-2.0.0.23-Remote-Array-Overrun.html title Thunderbird 2.0.0.23 Remote Array Overrun data source https://packetstormsecurity.com/files/download/89801/solaris10libc-overflow.txt id PACKETSTORM:89801 last seen 2016-12-05 published 2010-05-22 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/89801/Sun-Solaris-10-libc-convert-Buffer-Overflow.html title Sun Solaris 10 libc/*convert Buffer Overflow data source https://packetstormsecurity.com/files/download/83737/flock252-overrun.txt id PACKETSTORM:83737 last seen 2016-12-05 published 2009-12-12 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/83737/Flock-2.5.2-Remote-Array-Overrun.html title Flock 2.5.2 Remote Array Overrun data source https://packetstormsecurity.com/files/download/88859/macosxhfs-dos.txt id PACKETSTORM:88859 last seen 2016-12-05 published 2010-04-24 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/88859/Mac-OS-X-10.6.3-Filesystem-HFS-Denial-Of-Service.html title Mac OS X 10.6.3 Filesystem HFS Denial Of Service data source https://packetstormsecurity.com/files/download/84952/macosx-overflow.txt id PACKETSTORM:84952 last seen 2016-12-05 published 2010-01-09 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/84952/Mac-OS-X-10.5-10.6-libc-strtod-3-Buffer-Overflow.html title Mac OS X 10.5 / 10.6 libc/strtod(3) Buffer Overflow data source https://packetstormsecurity.com/files/download/82822/kmeleon-overrun.txt id PACKETSTORM:82822 last seen 2016-12-05 published 2009-11-20 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/82822/K-Meleon-1.5.3-Remote-Array-Overrun.html title K-Meleon 1.5.3 Remote Array Overrun data source https://packetstormsecurity.com/files/download/82824/kdelibs-overrun.txt id PACKETSTORM:82824 last seen 2016-12-05 published 2009-11-20 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/82824/KDELibs-4.3.3-Remote-Array-Overrun.html title KDELibs 4.3.3 Remote Array Overrun data source https://packetstormsecurity.com/files/download/82821/seamonkey-overrun.txt id PACKETSTORM:82821 last seen 2016-12-05 published 2009-11-20 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/82821/SeaMonkey-1.1.0-Remote-Array-Overrun.html title SeaMonkey 1.1.0 Remote Array Overrun data source https://packetstormsecurity.com/files/download/84943/j-overrun.txt id PACKETSTORM:84943 last seen 2016-12-05 published 2010-01-09 reporter Maksymilian Arciemowicz source https://packetstormsecurity.com/files/84943/J-6.02.023-Array-Overrun.html title J 6.02.023 Array Overrun
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:18281 last seen 2017-11-19 modified 2009-11-19 published 2009-11-19 reporter Root source https://www.seebug.org/vuldb/ssvid-18281 title SeaMonkey 1.1.8 Remote Array Overrun bulletinFamily exploit description No description provided by source. id SSV:18465 last seen 2017-11-19 modified 2009-12-11 published 2009-12-11 reporter Root source https://www.seebug.org/vuldb/ssvid-18465 title "Sunbird 0.9 Array Overrun (code execution) 0day" bulletinFamily exploit description No description provided by source. id SSV:67154 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67154 title Sunbird 0.9 - Array Overrun (code execution) 0day bulletinFamily exploit description No description provided by source. id SSV:18282 last seen 2017-11-19 modified 2009-11-19 published 2009-11-19 reporter Root source https://www.seebug.org/vuldb/ssvid-18282 title K-Meleon 1.5.3 Remote Array Overrun bulletinFamily exploit description No description provided by source. id SSV:67074 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67074 title KDE KDELibs 4.3.3 - Remote Array Overrun bulletinFamily exploit description BUGTRAQ ID: 35510 CVE(CAN) ID: CVE-2009-0689 OpenBSD、NetBSD、FreeBSD都是流行的BSD操作系统,是Unix的衍生系统。 OpenBSD、NetBSD、FreeBSD的dtoa实现中存在数组溢出漏洞。在src/lib/libc/gdtoa/gdtoaimp.h中: - ---gdtoaimp.h--- ... #define Kmax 15 ... - ---gdtoaimp.h--- 最大的Kmax长度为15,如果提供了更大的值(如17),程序就会溢出freelist数组,bss为0x1。 以NetBSD为例: - ---gdtoaimp.h--- ... #define Kmax (sizeof(size_t) << 3) ... - ---gdtoaimp.h--- 程序在misc.c中崩溃: - --- src/lib/libc/gdtoa/misc.c --- if ( (rv = freelist[k]) !=0) { freelist[k] = rv->next; } else { x = 1 << k; #ifdef Omit_Private_Memory rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong)); #else len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1) /sizeof(double); if ((double *)(pmem_next - private_mem + len) <= (double *)PRIVATE_mem) { rv = (Bigint*)(void *)pmem_next; pmem_next += len; } else rv = (Bigint*)MALLOC(len*sizeof(double)); #endif if (rv == NULL) return NULL; rv->k = k; rv->maxwds = x; } - --- src/lib/libc/gdtoa/misc.c --- 这里 rv->k = k; 或 freelist[k] = rv->next; FreeBSD FreeBSD 7.2 FreeBSD FreeBSD 6.4 NetBSD NetBSD 5.0 OpenBSD OpenBSD 4.5 厂商补丁: NetBSD ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h OpenBSD ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c id SSV:11711 last seen 2017-11-19 modified 2009-06-30 published 2009-06-30 reporter Root source https://www.seebug.org/vuldb/ssvid-11711 title 多个BSD系统gdtoa/misc.c文件内存破坏漏洞 bulletinFamily exploit description No description provided by source. id SSV:18280 last seen 2017-11-19 modified 2009-11-19 published 2009-11-19 reporter Root source https://www.seebug.org/vuldb/ssvid-18280 title KDE KDELibs 4.3.3 Remote Array Overrun bulletinFamily exploit description Bugraq ID: 37080 CVE ID:CVE-2009-0689 KDE是一款UNIX工下开源图形桌面环境。 KDELibs是建立在Qt框架之上,它提供框架和众多功能来开发KDE程序。其中dtoa实现存在错误,处理特殊构建的浮点数可导致内存覆盖。由于Kmac定义为15,dtoa函数没有检查Kmac限制,可能调用大于等于16的freelist数组元素。 KDE 4.3.3 目前没有详细解决方案提供: http://www.kde.org/ id SSV:14969 last seen 2017-11-19 modified 2009-11-24 published 2009-11-24 reporter Root source https://www.seebug.org/vuldb/ssvid-14969 title KDE KDELibs 'dtoa()'远程代码执行漏洞 bulletinFamily exploit description BUGTRAQ ID: 40309 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris操作系统的libc库中所使用的econvert()、ecvt()、fcvt()和gcvt()等函数在执行数字转换操作时存在缓冲区溢出漏洞,攻击者提交恶意请求就可以触发这些溢出,导致执行任意指令。 Sun Solaris 10.0_x86 Sun Solaris 10.0 厂商补丁: Sun --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://sunsolve.sun.com/security id SSV:19689 last seen 2017-11-19 modified 2010-05-25 published 2010-05-25 reporter Root source https://www.seebug.org/vuldb/ssvid-19689 title Sun Solaris多个libc库数字转换函数缓冲区溢出漏洞 bulletinFamily exploit description No description provided by source. id SSV:14959 last seen 2017-11-19 modified 2009-11-22 published 2009-11-22 reporter Root source https://www.seebug.org/vuldb/ssvid-14959 title Opera 10.01 Remote Array Overrun (Arbitrary code execution) bulletinFamily exploit description No description provided by source. id SSV:18283 last seen 2017-11-19 modified 2009-11-19 published 2009-11-19 reporter Root source https://www.seebug.org/vuldb/ssvid-18283 title Opera 10.01 Remote Array Overrun bulletinFamily exploit description No description provided by source. id SSV:67075 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67075 title SeaMonkey 1.1.8 - Remote Array Overrun bulletinFamily exploit description No description provided by source. id SSV:67076 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-67076 title K-Meleon 1.5.3 - Remote Array Overrun
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2014-0311.html
- http://rhn.redhat.com/errata/RHSA-2014-0312.html
- http://secunia.com/advisories/37431
- http://secunia.com/advisories/37682
- http://secunia.com/advisories/37683
- http://secunia.com/advisories/38066
- http://secunia.com/advisories/38977
- http://secunia.com/advisories/39001
- http://secunia.com/secunia_research/2009-35/
- http://securityreason.com/achievement_securityalert/63
- http://securityreason.com/achievement_securityalert/69
- http://securityreason.com/achievement_securityalert/71
- http://securityreason.com/achievement_securityalert/72
- http://securityreason.com/achievement_securityalert/73
- http://securityreason.com/achievement_securityalert/75
- http://securityreason.com/achievement_securityalert/76
- http://securityreason.com/achievement_securityalert/77
- http://securityreason.com/achievement_securityalert/78
- http://securityreason.com/achievement_securityalert/81
- http://securitytracker.com/id?1022478
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
- http://support.apple.com/kb/HT4077
- http://support.apple.com/kb/HT4225
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
- http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
- http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
- http://www.opera.com/support/kb/view/942/
- http://www.redhat.com/support/errata/RHSA-2009-1601.html
- http://www.redhat.com/support/errata/RHSA-2010-0153.html
- http://www.redhat.com/support/errata/RHSA-2010-0154.html
- http://www.securityfocus.com/archive/1/507977/100/0/threaded
- http://www.securityfocus.com/archive/1/507979/100/0/threaded
- http://www.securityfocus.com/archive/1/508417/100/0/threaded
- http://www.securityfocus.com/archive/1/508423/100/0/threaded
- http://www.securityfocus.com/bid/35510
- http://www.ubuntu.com/usn/USN-915-1
- http://www.vupen.com/english/advisories/2009/3297
- http://www.vupen.com/english/advisories/2009/3299
- http://www.vupen.com/english/advisories/2009/3334
- http://www.vupen.com/english/advisories/2010/0094
- http://www.vupen.com/english/advisories/2010/0648
- http://www.vupen.com/english/advisories/2010/0650
- https://bugzilla.mozilla.org/show_bug.cgi?id=516396
- https://bugzilla.mozilla.org/show_bug.cgi?id=516862
- https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541