Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2009-03-05
Updated: 2017-09-29
Summary
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Vulnerable Configurations
Part | Description | Count |
Application | Mozilla | 172 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1830.NASL |
description | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) - CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) - CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) - CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15) - CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) - CVE-2009-0772 The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) - CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) - CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) - CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) - CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) - CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) - CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) - CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44695 |
published | 2010-02-24 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/44695 |
title | Debian DSA-1830-1 : icedove - several vulnerabilities |
NASL family | Windows |
NASL id | SEAMONKEY_1115.NASL |
description | The installed version of SeaMonkey is earlier than 1.1.15. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2009-01) - Cookies marked HTTPOnly are readable by JavaScript via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35978 |
published | 2009-03-20 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35978 |
title | SeaMonkey < 1.1.15 Multiple Vulnerabilities |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_MOZILLAFIREFOX-090319.NASL |
description | The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774) - An anonymous researcher, via TippingPoint |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41352 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41352 |
title | SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656) |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2009-0315.NASL |
description | From Red Hat Security Advisory 2009:0315 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67810 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67810 |
title | Oracle Linux 4 / 5 : firefox (ELSA-2009-0315) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_SEAMONKEY-090617.NASL |
description | The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40133 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40133 |
title | openSUSE Security Update : seamonkey (seamonkey-1014) |
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-083.NASL |
description | A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. (bug #46107) This update also fixes those issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36318 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36318 |
title | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083) |
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20090304_FIREFOX_ON_SL4_X.NASL |
description | Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) After installing the update, Firefox must be restarted for the changes to take effect. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60538 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60538 |
title | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2009-0315.NASL |
description | An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35773 |
published | 2009-03-05 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35773 |
title | RHEL 4 / 5 : firefox (RHSA-2009:0315) |
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1751.NASL |
description | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0771 Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-0772 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-0773 Gary Kwong, and Timothee Groleau discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2009-0774 Gary Kwong discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2009-0775 It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. - CVE-2009-0776 Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35989 |
published | 2009-03-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35989 |
title | Debian DSA-1751-1 : xulrunner - several vulnerabilities |
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-728-1.NASL |
description | Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040) Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774) A flaw was discovered in Firefox |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38036 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/38036 |
title | Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_MOZILLAFIREFOX-090312.NASL |
description | The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via TippingPoint |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39887 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39887 |
title | openSUSE Security Update : MozillaFirefox (MozillaFirefox-591) |
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2009-083-02.NASL |
description | New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36010 |
published | 2009-03-25 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36010 |
title | Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_MOZILLAFIREFOX-090312.NASL |
description | The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via TippingPoint |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40170 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40170 |
title | openSUSE Security Update : MozillaFirefox (MozillaFirefox-591) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SEAMONKEY-6310.NASL |
description | The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39462 |
published | 2009-06-19 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/39462 |
title | openSUSE 10 Security Update : seamonkey (seamonkey-6310) |
NASL family | Windows |
NASL id | MOZILLA_THUNDERBIRD_20021.NASL |
description | The installed version of Thunderbird is earlier than 2.0.0.21. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2009-01) - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - It might be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09) - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10) - A URI-spoofing vulnerability exists because the application fails to adequately handle specific characters in IDN subdomains. (MFSA 2009-15) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35977 |
published | 2009-03-20 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35977 |
title | Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities |
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2009-0315.NASL |
description | An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35789 |
published | 2009-03-08 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35789 |
title | CentOS 4 / 5 : firefox (CESA-2009:0315) |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201301-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63402 |
published | 2013-01-08 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63402 |
title | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-2421.NASL |
description | Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.7 This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35802 |
published | 2009-03-09 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35802 |
title | Fedora 9 : Miro-1.2.7-5.fc9 / blam-1.8.5-6.fc9.1 / chmsee-1.0.1-9.fc9 / devhelp-0.19.1-9.fc9 / etc (2009-2421) |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-2422.NASL |
description | Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple security issues: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.7 This update also contains new builds of all applications depending on Gecko libraries, built against the new version. Note: after the updated packages are installed, Firefox must be restarted for the update to take effect. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36866 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36866 |
title | Fedora 10 : Miro-2.0-4.fc10 / blam-1.8.5-7.fc10 / devhelp-0.22-5.fc10 / epiphany-2.24.3-3.fc10 / etc (2009-2422) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_SEAMONKEY-090617.NASL |
description | The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40309 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40309 |
title | openSUSE Security Update : seamonkey (seamonkey-1014) |
NASL family | Windows |
NASL id | MOZILLA_FIREFOX_307.NASL |
description | The installed version of Firefox 3.0.x is earlier than 3.0.7. Such versions are potentially affected by the following security issues : - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - A vulnerability in Mozilla |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35778 |
published | 2009-03-05 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35778 |
title | Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities |
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2009-083-03.NASL |
description | New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36011 |
published | 2009-03-25 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36011 |
title | Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03) |
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-075.NASL |
description | Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7 (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777). This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. Additionally some softwares has also been rebuilt against Mozilla Firefox 3.0.7 which should take care of upgrade problems. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37610 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37610 |
title | Mandriva Linux Security Advisory : firefox (MDVSA-2009:075) |
Oval
accepted | 2013-04-29T04:06:06.889-04:00 |
class | vulnerability |
contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
|
definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
|
description | triggers a hang. |
family | unix |
id | oval:org.mitre.oval:def:10491 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | triggers a hang. |
version | 27 |
accepted | 2009-06-15T04:00:50.323-04:00 |
class | vulnerability |
contributors | name | Chandan S | organization | SecPod Technologies |
name | Brendan Miles | organization | The MITRE Corporation |
name | J. Daniel Brown | organization | DTCC |
name | Shane Shaffer | organization | G2, Inc. |
|
definition_extensions | comment | Microsoft Windows XP (x86) SP2 is installed | oval | oval:org.mitre.oval:def:754 |
comment | Microsoft Windows XP (x86) SP3 is installed | oval | oval:org.mitre.oval:def:5631 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval | oval:org.mitre.oval:def:4873 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
|
description | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. |
family | windows |
id | oval:org.mitre.oval:def:5856 |
status | deprecated |
submitted | 2009-04-17T15:11:12 |
title | Mozilla Seamonkey Denial of Service and arbitrary code execution Vulnerabilities |
version | 23 |
accepted | 2009-06-15T04:00:53.908-04:00 |
class | vulnerability |
contributors | name | Chandan S | organization | SecPod Technologies |
name | Brendan Miles | organization | The MITRE Corporation |
name | J. Daniel Brown | organization | DTCC |
name | Shane Shaffer | organization | G2, Inc. |
name | Richard Helbing | organization | baramundi software |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
|
definition_extensions | comment | Microsoft Windows XP (x86) SP2 is installed | oval | oval:org.mitre.oval:def:754 |
comment | Microsoft Windows XP (x86) SP3 is installed | oval | oval:org.mitre.oval:def:5631 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval | oval:org.mitre.oval:def:4873 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
comment | Mozilla Thunderbird Mainline release is installed | oval | oval:org.mitre.oval:def:22093 |
|
description | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. |
family | windows |
id | oval:org.mitre.oval:def:5980 |
status | deprecated |
submitted | 2009-04-16T09:45:11 |
title | Mozilla Thunderbird Denial of Service and arbitrary code execution Vulnerabilities |
version | 26 |
accepted | 2009-06-15T04:01:03.518-04:00 |
class | vulnerability |
contributors | name | Chandan S | organization | SecPod Technologies |
name | Brendan Miles | organization | The MITRE Corporation |
name | J. Daniel Brown | organization | DTCC |
name | Shane Shaffer | organization | G2, Inc. |
name | Sergey Artykhov | organization | ALTX-SOFT |
name | Sergey Artykhov | organization | ALTX-SOFT |
|
definition_extensions | comment | Microsoft Windows XP (x86) SP2 is installed | oval | oval:org.mitre.oval:def:754 |
comment | Microsoft Windows XP (x86) SP3 is installed | oval | oval:org.mitre.oval:def:5631 |
comment | Microsoft Windows Vista (32-bit) is installed | oval | oval:org.mitre.oval:def:1282 |
comment | Microsoft Windows Vista (32-bit) Service Pack 1 is installed | oval | oval:org.mitre.oval:def:4873 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
|
description | hich triggers a hang. |
family | windows |
id | oval:org.mitre.oval:def:6141 |
status | deprecated |
submitted | 2009-04-14T09:45:11 |
title | Mozilla Firefox Denial of Service and arbitrary code execution Vulnerabilities |
version | 24 |
accepted | 2014-10-06T04:04:15.765-04:00 |
class | vulnerability |
contributors | name | J. Daniel Brown | organization | DTCC |
name | Shane Shaffer | organization | G2, Inc. |
name | Sergey Artykhov | organization | ALTX-SOFT |
name | Sergey Artykhov | organization | ALTX-SOFT |
name | Shane Shaffer | organization | G2, Inc. |
name | Maria Kedovskaya | organization | ALTX-SOFT |
name | Maria Mikhno | organization | ALTX-SOFT |
name | Richard Helbing | organization | baramundi software |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
name | Evgeniy Pavlov | organization | ALTX-SOFT |
|
definition_extensions | comment | Mozilla Thunderbird Mainline release is installed | oval | oval:org.mitre.oval:def:22093 |
comment | Mozilla Seamonkey is installed | oval | oval:org.mitre.oval:def:6372 |
comment | Mozilla Firefox Mainline release is installed | oval | oval:org.mitre.oval:def:22259 |
|
description | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. |
family | windows |
id | oval:org.mitre.oval:def:6708 |
status | accepted |
submitted | 2009-12-26T17:00:00.000-05:00 |
title | Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities |
version | 35 |
Redhat
advisories | |
rpms | - firefox-0:3.0.7-1.el4
- firefox-0:3.0.7-1.el5
- firefox-debuginfo-0:3.0.7-1.el4
- firefox-debuginfo-0:3.0.7-1.el5
- xulrunner-0:1.9.0.7-1.el5
- xulrunner-debuginfo-0:1.9.0.7-1.el5
- xulrunner-devel-0:1.9.0.7-1.el5
- xulrunner-devel-unstable-0:1.9.0.7-1.el5
|