Vulnerabilities > CVE-2009-3376 - Configuration vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
CWE-16
critical
nessus

Summary

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER190-6617.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id49897
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49897
    titleSuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49897);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-0689", "CVE-2009-3274", "CVE-2009-3370", "CVE-2009-3371", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3374", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3381", "CVE-2009-3382", "CVE-2009-3383");
    
      script_name(english:"SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla XULRunner engine was updated to version 1.9.0.15 to fix
    various bugs and security issues.
    
    The following security issues have been fixed :
    
      - Security researcher Paul Stone reported that a user's
        form history, both from web content as well as the smart
        location bar, was vulnerable to theft. A malicious web
        page could synthesize events such as mouse focus and key
        presses on behalf of the victim and trick the browser
        into auto-filling the form fields with history entries
        and then reading the entries. (MFSA 2009-52 /
        CVE-2009-3370)
    
      - Security researcher Jeremy Brown reported that the file
        naming scheme used for downloading a file which already
        exists in the downloads folder is predictable. If an
        attacker had local access to a victim's computer and
        knew the name of a file the victim intended to open
        through the Download Manager, he could use this
        vulnerability to place a malicious file in the
        world-writable directory used to save temporary
        downloaded files and cause the browser to choose the
        incorrect file when opening it. Since this attack
        requires local access to the victim's machine, the
        severity of this vulnerability was determined to be low.
        (MFSA 2009-53 / CVE-2009-3274)
    
      - Security researcher Orlando Berrera of Sec Theory
        reported that recursive creation of JavaScript
        web-workers can be used to create a set of objects whose
        memory could be freed prior to their use. These
        conditions often result in a crash which could
        potentially be used by an attacker to run arbitrary code
        on a victim's computer. (MFSA 2009-54 / CVE-2009-3371)
    
      - Security researcher Marco C. reported a flaw in the
        parsing of regular expressions used in Proxy
        Auto-configuration (PAC) files. In certain cases this
        flaw could be used by an attacker to crash a victim's
        browser and run arbitrary code on their computer. Since
        this vulnerability requires the victim to have PAC
        configured in their environment with specific regular
        expresssions which can trigger the crash, the severity
        of the issue was determined to be moderate. (MFSA
        2009-55 / CVE-2009-3372)
    
      - Security research firm iDefense reported that researcher
        regenrecht discovered a heap-based buffer overflow in
        Mozilla's GIF image parser. This vulnerability could
        potentially be used by an attacker to crash a victim's
        browser and run arbitrary code on their computer. (MFSA
        2009-56 / CVE-2009-3373)
    
      - Mozilla security researcher moz_bug_r_a4 reported that
        the XPCOM utility XPCVariant::VariantDataToJS unwrapped
        doubly-wrapped objects before returning them to chrome
        callers. This could result in chrome privileged code
        calling methods on an object which had previously been
        created or modified by web content, potentially
        executing malicious JavaScript code with chrome
        privileges. (MFSA 2009-57 / CVE-2009-3374)
    
      - Security researcher Alin Rad Pop of Secunia Research
        reported a heap-based buffer overflow in Mozilla's
        string to floating point number conversion routines.
        Using this vulnerability an attacker could craft some
        malicious JavaScript code containing a very long string
        to be converted to a floating point number which would
        result in improper memory allocation and the execution
        of an arbitrary memory location. This vulnerability
        could thus be leveraged by the attacker to run arbitrary
        code on a victim's computer. (MFSA 2009-59 /
        CVE-2009-1563)
    
      - Security researcher Gregory Fleischer reported that text
        within a selection on a web page can be read by
        JavaScript in a different domain using the
        document.getSelection function, violating the
        same-origin policy. Since this vulnerability requires
        user interaction to exploit, its severity was determined
        to be moderate. (MFSA 2009-61 / CVE-2009-3375)
    
      - Mozilla security researchers Jesse Ruderman and Sid
        Stamm reported that when downloading a file containing a
        right-to-left override character (RTL) in the filename,
        the name displayed in the dialog title bar conflicts
        with the name of the file shown in the dialog body. An
        attacker could use this vulnerability to obfuscate the
        name and file extension of a file to be downloaded and
        opened, potentially causing a user to run an executable
        file when they expected to open a non-executable file.
        (MFSA 2009-62 / CVE-2009-3376)
    
      - Mozilla developers and community members identified and
        fixed several stability bugs in the browser engine used
        in Firefox and other Mozilla-based products. Some of
        these crashes showed evidence of memory corruption under
        certain circumstances and we presume that with enough
        effort at least some of these could be exploited to run
        arbitrary code. (MFSA 2009-64 / CVE-2009-3380 /
        CVE-2009-3381 / CVE-2009-3382 / CVE-2009-3383)"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-52.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-52/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-53.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-53/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-54.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-54/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-55/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-56.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-56/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-57/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-61/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-62/"
      );
      # http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2009-64/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-1563.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3274.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3370.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3371.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3372.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3373.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3374.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3375.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3381.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3382.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3383.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6617.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(16, 119, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/09/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-xulrunner190-translations-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-xulrunner190-translations-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.4.2")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.15-0.4.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1531.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id42296
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42296
    titleCentOS 3 / 4 : seamonkey (CESA-2009:1531)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1531 and 
    # CentOS Errata and Security Advisory 2009:1531 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42296);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2009-0689", "CVE-2009-3274", "CVE-2009-3372", "CVE-2009-3373", "CVE-2009-3375", "CVE-2009-3376", "CVE-2009-3380", "CVE-2009-3384", "CVE-2009-3385");
      script_xref(name:"RHSA", value:"2009:1531");
    
      script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2009:1531)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    SeaMonkey is an open source Web browser, email and newsgroup client,
    IRC chat client, and HTML editor.
    
    A flaw was found in the way SeaMonkey creates temporary file names for
    downloaded files. If a local attacker knows the name of a file
    SeaMonkey is going to download, they can replace the contents of that
    file with arbitrary contents. (CVE-2009-3274)
    
    A heap-based buffer overflow flaw was found in the SeaMonkey string to
    floating point conversion routines. A web page containing malicious
    JavaScript could crash SeaMonkey or, potentially, execute arbitrary
    code with the privileges of the user running SeaMonkey.
    (CVE-2009-1563)
    
    A flaw was found in the way SeaMonkey handles text selection. A
    malicious website may be able to read highlighted text in a different
    domain (e.g. another website the user is viewing), bypassing the
    same-origin policy. (CVE-2009-3375)
    
    A flaw was found in the way SeaMonkey displays a right-to-left
    override character when downloading a file. In these cases, the name
    displayed in the title bar differs from the name displayed in the
    dialog body. An attacker could use this flaw to trick a user into
    downloading a file that has a file name or extension that differs from
    what the user expected. (CVE-2009-3376)
    
    Several flaws were found in the processing of malformed web content. A
    web page containing malicious content could cause SeaMonkey to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running SeaMonkey. (CVE-2009-3380)
    
    All SeaMonkey users should upgrade to these updated packages, which
    correct these issues. After installing the update, SeaMonkey must be
    restarted for the changes to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-October/016202.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?764074b1"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-October/016203.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9065c174"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-October/016204.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?954a4b55"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-October/016205.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?59331fd5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(16, 119, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-chat-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-devel-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-mail-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nspr-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nspr-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nss-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nss-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-nss-devel-1.0.9-0.47.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.9-0.47.el3.centos3")) flag++;
    
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-chat-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-devel-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"seamonkey-mail-1.0.9-50.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-50.el4.centos")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0154.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id45093
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45093
    titleCentOS 4 : thunderbird (CESA-2010:0154)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-853-1.NASL
    descriptionAlin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1563) Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. (CVE-2009-3274) Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. (CVE-2009-3370) Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. (CVE-2009-3371) A flaw was discovered in the way Firefox processed Proxy Auto-configuration (PAC) files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3372) A heap-based buffer overflow was discovered in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42335
    published2009-11-02
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42335
    titleUbuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_20024.NASL
    descriptionThe installed version of Thunderbird is earlier than 2.0.0.24. Such versions are potentially affected by multiple vulnerabilities : - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49) - A heap-based buffer overflow exists in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id45110
    published2010-03-19
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45110
    titleMozilla Thunderbird < 2.0.0.24 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1530.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id42287
    published2009-10-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42287
    titleRHEL 4 / 5 : firefox (RHSA-2009:1530)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091027_SEAMONKEY_ON_SL3_X.NASL
    descriptionA flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60685
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60685
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0153.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id63923
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63923
    titleRHEL 5 : thunderbird (RHSA-2010:0153)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-071.NASL
    descriptionMultiple vulnerabilities has been found and corrected in mozilla-thunderbird : Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689). Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075). Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077) Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id45521
    published2010-04-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45521
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12616.NASL
    descriptionThis update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. The following security issues are fixed : - Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. (MFSA 2010-07) - Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) - Ludovic Hirlimann reported a crash indexing some messages with attachments. (CVE-2010-0163) - Carsten Book reported a crash in the JavaScript engine. (CVE-2009-3075) - Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) - monarch2000 reported an integer overflow in a base64 decoding function. (CVE-2009-2463) - Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id46685
    published2010-05-20
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46685
    titleSuSE9 Security Update : epiphany (YOU Patch Number 12616)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6609.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id49887
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49887
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER190-6616.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42366
    published2009-11-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42366
    titleSuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6616)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-091103.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.0.0.15 to fix various bugs and security issues. Following security issues have been fixed: MFSA 2009-52 / CVE-2009-3370: Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42388
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42388
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_SEAMONKEY-100430.NASL
    descriptionThis update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id46687
    published2010-05-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46687
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091027_FIREFOX_ON_SL4_X.NASL
    descriptionA flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60683
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60683
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0153.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id45361
    published2010-03-29
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45361
    titleCentOS 5 : thunderbird (CESA-2010:0153)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-10878.NASL
    descriptionUpdate to new upstream Firefox version 3.5.4, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.4 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42297
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42297
    titleFedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3015.NASL
    descriptionThe installed version of Firefox is earlier than 3.0.15. Such versions are potentially affected by the following security issues : - It may be possible for a malicious web page to steal form history. (MFSA 2009-52) - By predicting the filename of an already downloaded file in the downloads directory, a local attacker may be able to trick the browser into opening an incorrect file. (MFSA 2009-53) - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) - Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42305
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42305
    titleFirefox < 3.0.15 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-853-2.NASL
    descriptionUSN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1563) Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. (CVE-2009-3274) Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. (CVE-2009-3370) Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. (CVE-2009-3371) A flaw was discovered in the way Firefox processed Proxy Auto-configuration (PAC) files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3372) A heap-based buffer overflow was discovered in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42474
    published2009-11-12
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42474
    titleUbuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-853-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1530.NASL
    descriptionFrom Red Hat Security Advisory 2009:1530 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67948
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67948
    titleOracle Linux 4 / 5 : firefox (ELSA-2009-1530)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-7100.NASL
    descriptionUpdate to new upstream SeaMonkey version 1.1.19, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey11.html#seamonkey1.1.19 CVE-2010-0161 CVE-2010-0163 CVE-2009-3075 CVE-2009-3072 CVE-2009-2463 CVE-2009-3385 CVE-2009-3983 CVE-2009-3376 CVE-2009-0689 CVE-2009-3077 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47453
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47453
    titleFedora 11 : seamonkey-1.1.19-1.fc11 (2010-7100)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100317_THUNDERBIRD_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id60750
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60750
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0154.NASL
    descriptionFrom Red Hat Security Advisory 2010:0154 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id68015
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68015
    titleOracle Linux 4 : thunderbird (ELSA-2010-0154)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0001_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Network Security Services (NSS) - NetScape Portable Runtime (NSPR)
    last seen2020-06-01
    modified2020-06-02
    plugin id89735
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89735
    titleVMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-091030.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42363
    published2009-11-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42363
    titleSuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-294.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.5.x : Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id48157
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/48157
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:294)
  • NASL familyWindows
    NASL idSEAMONKEY_20.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0. Such versions are potentially affected by the following security issues : - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) - Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42307
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42307
    titleSeaMonkey < 2.0 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-10981.NASL
    descriptionUpdate to new upstream Firefox version 3.0.15, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.15 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42383
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42383
    titleFedora 10 : Miro-2.0.5-5.fc10 / blam-1.8.5-15.fc10 / epiphany-2.24.3-11.fc10 / etc (2009-10981)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_56CFE192329F11DFABB2000F20797EDE.NASL
    descriptionMozilla Project reports : MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-49 TreeColumns dangling pointer vulnerability
    last seen2020-06-01
    modified2020-06-02
    plugin id45114
    published2010-03-22
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45114
    titleFreeBSD : mozilla -- multiple vulnerabilities (56cfe192-329f-11df-abb2-000f20797ede)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLATHUNDERBIRD-100324.NASL
    descriptionMozilla Thunderbird was updated to 2.0.0.14 fixing several security issues and bugs. MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id45376
    published2010-03-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45376
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-915-1.NASL
    descriptionSeveral flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689, CVE-2009-2463, CVE-2009-3075) Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3072) It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3077) Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left (RTL) override characters. If a user were tricked into opening a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. (CVE-2009-3376) Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. If an NTLM authenticated user opened content containing links to a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. A remote attacker could send specially crafted content and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0163). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id45108
    published2010-03-19
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45108
    titleUbuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : thunderbird vulnerabilities (USN-915-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6606.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.5.4 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42365
    published2009-11-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42365
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLA-XULRUNNER190-091030.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.15 to fix various bugs and security issues. The following security issues have been fixed : - Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42364
    published2009-11-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42364
    titleSuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 1493)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1922.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. - CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. - CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. - CVE-2009-3374
    last seen2020-06-01
    modified2020-06-02
    plugin id44787
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44787
    titleDebian DSA-1922-1 : xulrunner - several vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_354.NASL
    descriptionThe installed version of Firefox 3.5 is earlier than 3.5.4. Such versions are potentially affected by the following security issues : - It may be possible for a malicious web page to steal form history. (MFSA 2009-52) - By predicting the filename of an already downloaded file in the downloads directory, a local attacker may be able to trick the browser into opening an incorrect file. (MFSA 2009-53) - Recursive creation of JavaScript web-workers could crash the browser or allow execution of arbitrary code on the remote system. (MFSA 2009-54) - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) - Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42306
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42306
    titleFirefox 3.5.x < 3.5.4 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLATHUNDERBIRD-100324.NASL
    descriptionMozilla Thunderbird was updated to 2.0.0.14 fixing several security issues and bugs. MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id45375
    published2010-03-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45375
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-2189)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1531.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id42288
    published2009-10-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42288
    titleRHEL 3 / 4 : seamonkey (RHSA-2009:1531)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1530.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id42295
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42295
    titleCentOS 4 : firefox (CESA-2009:1530)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-091102.NASL
    descriptionThe Mozilla Firefox browser was updated to version 3.0.0.15 to fix various bugs and security issues. Following security issues have been fixed: MFSA 2009-52 / CVE-2009-3370: Security researcher Paul Stone reported that a user
    last seen2020-06-01
    modified2020-06-02
    plugin id42391
    published2009-11-05
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42391
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1499)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C87AA2D2C3C411DEAB08000F20797EDE.NASL
    descriptionMozilla Foundation reports : MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15) MFSA 2009-63 Upgrade media libraries to fix memory safety bugs MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-61 Cross-origin data theft through document.getSelection() MFSA 2009-59 Heap buffer overflow in string to number conversion MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS() MFSA 2009-56 Heap buffer overflow in GIF color map parser MFSA 2009-55 Crash in proxy auto-configuration regexp parsing MFSA 2009-54 Crash with recursive web-worker calls MFSA 2009-53 Local downloaded file tampering MFSA 2009-52 Form history vulnerable to stealing
    last seen2020-06-01
    modified2020-06-02
    plugin id42298
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42298
    titleFreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0154.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159) A use-after-free flaw was found in Thunderbird. An attacker could use this flaw to crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-3077) A heap-based buffer overflow flaw was found in the Thunderbird string to floating point conversion routines. An HTML mail message containing malicious JavaScript could crash Thunderbird or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-0689) A use-after-free flaw was found in Thunderbird. Under low memory conditions, viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2009-1571) A flaw was found in the way Thunderbird created temporary file names for downloaded files. If a local attacker knows the name of a file Thunderbird is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the way Thunderbird displayed a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differed from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that is different from what the user expected. (CVE-2009-3376) A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A malicious SOCKS5 server could send a specially crafted reply that would cause Thunderbird to crash. (CVE-2009-2470) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id46271
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46271
    titleRHEL 4 : thunderbird (RHSA-2010:0154)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_SEAMONKEY-100430.NASL
    descriptionThis update brings Mozilla SeaMonkey to 1.1.19 fixing various bugs and security issues. Following security issues are fixed: MFSA 2010-07: Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1. Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication. (CVE-2010-0161) Ludovic Hirlimann reported a crash indexing some messages with attachments (CVE-2010-0163) Carsten Book reported a crash in the JavaScript engine (CVE-2009-3075) Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms. (CVE-2009-3072) monarch2000 reported an integer overflow in a base64 decoding function (CVE-2009-2463) MFSA 2009-68 / CVE-2009-3983: Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id46686
    published2010-05-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46686
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2010:0273-1)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0001.NASL
    descriptiona. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43826
    published2010-01-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43826
    titleVMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1531.NASL
    descriptionFrom Red Hat Security Advisory 2009:1531 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A heap-based buffer overflow flaw was found in the SeaMonkey string to floating point conversion routines. A web page containing malicious JavaScript could crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-1563) A flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way SeaMonkey displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3380) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67949
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67949
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2009-1531)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-290.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.0.x : Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id42992
    published2009-12-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42992
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:290-1)

Oval

  • accepted2013-04-29T04:12:26.506-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
    familyunix
    idoval:org.mitre.oval:def:11218
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
    version27
  • accepted2014-10-06T04:04:13.250-04:00
    classvulnerability
    contributors
    • namePrabhu S A
      organizationSecPod Technologies
    • nameSergey Artykhov
      organizationALTX-SOFT
    • nameSergey Artykhov
      organizationALTX-SOFT
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Kedovskaya
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    definition_extensions
    • commentMozilla Firefox Mainline release is installed
      ovaloval:org.mitre.oval:def:22259
    • commentMozilla Seamonkey is installed
      ovaloval:org.mitre.oval:def:6372
    descriptionMozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
    familywindows
    idoval:org.mitre.oval:def:6541
    statusaccepted
    submitted2009-11-04T12:10:11
    titleSpoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0
    version29

Redhat

advisories
  • rhsa
    idRHSA-2010:0153
  • rhsa
    idRHSA-2010:0154
rpms
  • firefox-0:3.0.15-3.el4
  • firefox-0:3.0.15-3.el5_4
  • firefox-debuginfo-0:3.0.15-3.el4
  • firefox-debuginfo-0:3.0.15-3.el5_4
  • nspr-0:4.7.6-1.el4_8
  • nspr-0:4.7.6-1.el5_4
  • nspr-debuginfo-0:4.7.6-1.el4_8
  • nspr-debuginfo-0:4.7.6-1.el5_4
  • nspr-devel-0:4.7.6-1.el4_8
  • nspr-devel-0:4.7.6-1.el5_4
  • xulrunner-0:1.9.0.15-3.el5_4
  • xulrunner-debuginfo-0:1.9.0.15-3.el5_4
  • xulrunner-devel-0:1.9.0.15-3.el5_4
  • xulrunner-devel-unstable-0:1.9.0.15-3.el5_4
  • seamonkey-0:1.0.9-0.47.el3
  • seamonkey-0:1.0.9-50.el4_8
  • seamonkey-chat-0:1.0.9-0.47.el3
  • seamonkey-chat-0:1.0.9-50.el4_8
  • seamonkey-debuginfo-0:1.0.9-0.47.el3
  • seamonkey-debuginfo-0:1.0.9-50.el4_8
  • seamonkey-devel-0:1.0.9-0.47.el3
  • seamonkey-devel-0:1.0.9-50.el4_8
  • seamonkey-dom-inspector-0:1.0.9-0.47.el3
  • seamonkey-dom-inspector-0:1.0.9-50.el4_8
  • seamonkey-js-debugger-0:1.0.9-0.47.el3
  • seamonkey-js-debugger-0:1.0.9-50.el4_8
  • seamonkey-mail-0:1.0.9-0.47.el3
  • seamonkey-mail-0:1.0.9-50.el4_8
  • seamonkey-nspr-0:1.0.9-0.47.el3
  • seamonkey-nspr-devel-0:1.0.9-0.47.el3
  • seamonkey-nss-0:1.0.9-0.47.el3
  • seamonkey-nss-devel-0:1.0.9-0.47.el3
  • thunderbird-0:2.0.0.24-2.el5_4
  • thunderbird-debuginfo-0:2.0.0.24-2.el5_4
  • thunderbird-0:1.5.0.12-25.el4
  • thunderbird-debuginfo-0:1.5.0.12-25.el4

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 36867 CVE ID: CVE-2009-3376 Firefox是一款流行的开源WEB浏览器。 在下载文件名中包含有从右到左(RTL)覆盖字符的文件时对话框标题栏中所显示的名称可能与对话体所显示的名称不一致。攻击者可以利用这个漏洞迷惑将要下载和打开的文件名和扩展名,诱骗用户打开非预期的恶意文件。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 1.1.x 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1922-1)以及相应补丁: DSA-1922-1:New xulrunner packages fix several vulnerabilities 链接:http://www.debian.org/security/2009/dsa-1922 补丁下载: Source archives: http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.diff.gz Size/MD5 checksum: 116164 3d995b59ffe890d36117f3103f38b9b1 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.dsc Size/MD5 checksum: 1779 7e8392a8b59ef9064df564ee03c23b14 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15.orig.tar.gz Size/MD5 checksum: 44085950 49aa2aee64997f9e802cf386d038d2d7 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.15-0lenny1_all.deb Size/MD5 checksum: 1464278 ea66718b41a4c282284d37672d0e7078 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 9494314 8cd7366b90d39c5c64064d1fb17c1022 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 938304 bf39af51a378ed039c545730664857aa http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 221588 1dd219c2812ca8d23fff415c9555d3db http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 432182 5d32bfa9665c32fb1738f416f739b3ae http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 3651374 14dd5f555695db43b94ceab3260c680d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 51089582 fa7f8faad8460d1049e9fb8f6fd1f7bb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 163912 d488634f9d36f6d0afcc7b27ee6699a0 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 112022 9666fd74cd00bc0643993acc22d40c91 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_alpha.deb Size/MD5 checksum: 71980 602c6780c2328141871f5d94b8a163f4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 69898 c0295f0b7e6957f236d769dc8bdfd2ca http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 890260 2d4cb08b3e886e06be04ec7e43a82b0f http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 151952 3e20640a2f4eb68a58731bba532aedb0 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 50327552 5779e5efb1f7b6612bf8a774a8e8cd6a http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 374218 86b4b4a30f5f30f4492fe11eca93dace http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 3287960 741031dbbba1f6c6e8fe045d71547905 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 222992 3e801bb57c442128512e599af5c9547e http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 7722556 cc9b8e7ac989143255cb6ad53ce84884 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_amd64.deb Size/MD5 checksum: 101512 396f03e0770dd73cf5820354a8b94a0f armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 223358 a881797fcf62521c0ab538e72b33bb70 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 84272 1602bc59310724ee0f20d8f5a0ac0a8c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 821892 79baa048d939ac77273ac50237c7bfe3 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 69726 cd5970b1776e5777686ce9208c074e79 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 6954730 a8a092eab78826ef9ed0e98e8d7251bb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 141248 47668db41fd86750793bae3f59ff623e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 352870 99357abd251ccfe354b28ed441256eb4 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 50116888 a19877e49d8d1037458d2531873181e0 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_armel.deb Size/MD5 checksum: 3579420 9091ebebb2d0b23a8f10300ff7340c16 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 105902 14573c4144b48dfcdeadca11dbf28fd1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 412252 703d501036427f18e6ffc3841c0434e7 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 158830 9c6c95e2c55a59adaa4314022adaba97 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 9512434 b479cbca6e9244681e8acf58afba706e http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 51210900 7b5ae111a77a354adadb9a019892970b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 3621952 4a3cef66aa1b240f42c4c4c4de41ca64 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 222858 1f6d47dc993cbc9a068517a06492beb9 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 898430 c63b30f2604b2a08d9fed108253b6b5b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_hppa.deb Size/MD5 checksum: 71384 50c3026bc0d90b912e74c0892ac3cd8c i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 851844 28f3d2c286d83a90df609b21699baf97 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 79142 61aff31316b603d03921eb89b5df073b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 3565362 fd8674b08b704e5f0f9ef790da65b7f8 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 141410 0182fcff2acf3987fa15128659fe7b38 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 6602586 03aed73b528a0e36cef99361ae9da656 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 49492306 82d2789b64cedcbf2406a09131032764 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 223182 1872e9d86b45cb1b29f20c4d75467200 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 350814 4e647513b860210f0c1bc1caef893e9f http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_i386.deb Size/MD5 checksum: 68094 f9e97cd83f976afa8959ea9f774f1994 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 223134 2ae79c69711959cb6cd75026882abd60 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 542104 a8b314bf8ad3c48e1ab4ed231b83a450 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 121518 18ec63c6f78623b2c744d9362d4b2be6 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 76492 22f1645790b9540cc1a3b795573b3e46 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 49667940 d01b4ee9da9f802eb24749992dd14be2 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 180184 b26234c2f0d54a61e771ee478828c628 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 11301676 95599d73eb33ae7e9613d92304b8d813 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 811176 33ceb8965e9db8d79020777ab55e1838 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_ia64.deb Size/MD5 checksum: 3397550 7eff41c031481161dfab1bc83cfa8450 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 49965510 8997b286648f39786e86826b5045e69d http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 223146 2bdf56823a2075c6bbd4fe3fc2e0646c http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 7375092 29d842979cbc5ee6ad659cf13927788b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 96764 5fa81a5541ae261f0a72b91bb5bf6626 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 144986 d3da343322c085f952511248e3a69345 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 900210 b87e5f91341b390cb2f1603a1071aff7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 3308536 7c5f7065d8961c7fc0ca7fb974e6611c http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 69836 ace8648bf416d4804db9644c487dcdf1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_mipsel.deb Size/MD5 checksum: 378586 18fd2ced744197472973e2cae61d4d64 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 362482 a0bf9d0ba7a4695378f7ea053cd9cc46 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 3283604 b98767e9b18704a2482c731309eef892 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 51378802 bed95771a8d00f88bedc12d480ed91f0 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 94786 fb7b21596585931a6edda7e2bebae561 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 152276 d83cf113d2600c6ca9e691dfd25a1466 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 7275222 008f00164ecbc43c681f1743ba33c0e8 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 72990 2982ec8818b1ae7b47241dcdb046c8e0 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 887776 9853592dc50b738bd7b223fc78c030c3 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_powerpc.deb Size/MD5 checksum: 223140 96d915d392dbb2cdc3a09268d97a206f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 3306276 95d049eaa0c2b95b8f98f2295d984454 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 406680 9efe79857bd5fc05bf567f4840109135 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 223124 ee4ed0dc817d276cbe22bcb5ef6314af http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 51172466 33aeec198869e5b92132775938f1dba6 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 8387566 5cf074573a634121d0981d927bdf8dc5 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 105540 ad95c071cf5d0f16301e004800626ab6 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 156084 69c04262268e1b13ffac80f8827e5776 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 909030 9d9a82bbaa3501f41dd810c3bf3e7b0b http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_s390.deb Size/MD5 checksum: 72868 738b9ff7dafce724b01f032e568d145d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 143228 8017cc9ebd542b69b5a33328e4db72fd http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 69342 2a626affc178cb0bed8bd8dc0302308b http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 821126 3107a47d82efbaf745b0a7355df82271 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 223230 41277488a9fbf77e3864848e36ad1040 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 7174794 ff98cd42b01c1b6da7f443a8513ec516 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 350084 53b49c566cc58af0976b24382a144a16 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 88202 d8ed5ea8a627c996c8890521551e14b3 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 49353618 3919a69140cbf1cc726b9142a7f33f23 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_sparc.deb Size/MD5 checksum: 3577270 0709623512ba6d57f6a475f8382b20a2 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/ RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1530-01)以及相应补丁: RHSA-2009:1530-01:Critical: firefox security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1530.html
    idSSV:12569
    last seen2017-11-19
    modified2009-11-03
    published2009-11-03
    reporterRoot
    titleMozilla Firefox下载文件名欺骗漏洞
  • bulletinFamilyexploit
    descriptionCVE:CVE-2009-3376 Mozilla Firefox and SeaMonkey are prone to a spoofing vulnerability. Attackers can exploit this issue to spoof the filenames displayed in the download dialog box and trick a user into downloading executable files. NOTE: This issue was previously covered in BID 36843 (Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities), but has been assigned its own record to better document it. VMWare vMA 4.0 VMWare ESX Server 4.0 Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Sun OpenSolaris build snv_99 Sun OpenSolaris build snv_98 Sun OpenSolaris build snv_96 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_127 Sun OpenSolaris build snv_126 Sun OpenSolaris build snv_125 Sun OpenSolaris build snv_124 Sun OpenSolaris build snv_123 Sun OpenSolaris build snv_122 Sun OpenSolaris build snv_121 Sun OpenSolaris build snv_120 Sun OpenSolaris build snv_119 Sun OpenSolaris build snv_118 Sun OpenSolaris build snv_117 Sun OpenSolaris build snv_116 Sun OpenSolaris build snv_115 Sun OpenSolaris build snv_114 Sun OpenSolaris build snv_113 Sun OpenSolaris build snv_112 Sun OpenSolaris build snv_111a Sun OpenSolaris build snv_111 Sun OpenSolaris build snv_110 Sun OpenSolaris build snv_109 Sun OpenSolaris build snv_108 Sun OpenSolaris build snv_107 Sun OpenSolaris build snv_106 Sun OpenSolaris build snv_105 Sun OpenSolaris build snv_104 Sun OpenSolaris build snv_103 Sun OpenSolaris build snv_102 Sun OpenSolaris build snv_101a Sun OpenSolaris build snv_101 Sun OpenSolaris build snv_100 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. SUSE Linux Enterprise Server 10 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP3 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2 S.u.S.E. SUSE Linux Enterprise 10 SP3 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP2 DEBUGINFO S.u.S.E. SLES 11 DEBUGINFO S.u.S.E. SLES 11 S.u.S.E. SLED 11 S.u.S.E. SLE SDK 10 SP3 S.u.S.E. SLE SDK 10 SP2 S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux Optional Productivity Application 5.4.z server RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux ES 4.8.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4.8.z RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux Desktop version 4 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 Pardus Linux 2009 0 Pardus Linux 2008 0 Mozilla SeaMonkey 1.1.17 Mozilla SeaMonkey 1.1.16 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.14 Mozilla SeaMonkey 1.1.13 Mozilla SeaMonkey 1.1.12 Mozilla SeaMonkey 1.1.11 Mozilla SeaMonkey 1.1.10 Mozilla SeaMonkey 1.1.9 Mozilla SeaMonkey 1.1.8 Mozilla SeaMonkey 1.1.7 Mozilla SeaMonkey 1.1.6 Mozilla SeaMonkey 1.1.5 Mozilla SeaMonkey 1.1.4 Mozilla SeaMonkey 1.1.3 Mozilla SeaMonkey 1.1.2 Mozilla SeaMonkey 1.1.1 Mozilla SeaMonkey 1.0.99 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.0 dev Mozilla SeaMonkey 1.0 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0 MandrakeSoft Linux Mandrake 2010.0 x86_64 MandrakeSoft Linux Mandrake 2010.0 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Avaya Voice Portal 4.1 Avaya Voice Portal 4.0 Avaya Messaging Storage Server 5.0 Avaya Messaging Storage Server 4.0 Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Intuity AUDIX LX 2.0 Ubuntu Ubuntu Linux 8.10 powerpc * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.8.10.1_powerpc.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb Slackware Linux 12.2 * Slackware mozilla-firefox-3.0.15-i686-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ mozilla-firefox-3.0.15-i686-1.tgz Ubuntu Ubuntu Linux 9.10 powerpc * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.9.10.1_powerpc.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_powerpc.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_powerpc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.9.10.1_powerpc.deb Debian Linux 5.0 alpha * Debian xulrunner-1.9-dbg_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -dbg_1.9.0.15-0lenny1_alpha.deb * Debian libmozjs1d_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1. 9.0.15-0lenny1_alpha.deb * Debian xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -gnome-support_1.9.0.15-0lenny1_alpha.deb * Debian libmozjs1d-dbg_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-db g_1.9.0.15-0lenny1_alpha.deb * Debian libmozjs-dev_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_ 1.9.0.15-0lenny1_alpha.deb * Debian spidermonkey-bin_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey- bin_1.9.0.15-0lenny1_alpha.deb * Debian xulrunner-dev_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev _1.9.0.15-0lenny1_alpha.deb * Debian xulrunner-1.9_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 _1.9.0.15-0lenny1_alpha.deb * Debian python-xpcom_1.9.0.15-0lenny1_alpha.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_ 1.9.0.15-0lenny1_alpha.deb MandrakeSoft Linux Mandrake 2008.0 * Mandriva firefox-ka-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sv_SE-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ro-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ga_IE-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bg-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-si-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-id-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-et-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nn_NO-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ar-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner1.9-1.9.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_TW-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva librarian-devel-0.8.0-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva totem-mozilla-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cs-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_AR-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pt_PT-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner-unstable-devel-1.9.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pt_BR-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-el-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pl-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva yelp-2.22.1-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-af-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mr-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lv-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sr-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mk-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sk-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-is-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ko-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eo-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva totem-gstreamer-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nl-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva totem-mozilla-gstreamer-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ca-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ja-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hu-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pa_IN-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ru-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mn-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gu_IN-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eu-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-de-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bn-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva librarian0-0.8.0-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva xulrunner-1.9.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lt-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva mozilla-firefox-ext-scribefire-3.2.3-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-oc-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fr-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-kn-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva totem-common-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-da-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-be-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ku-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-he-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-te-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva mozilla-firefox-ext-foxmarks-2.7.2-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cy-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fi-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-th-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libtotem-plparser7-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva totem-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nb_NO-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva mozilla-firefox-ext-blogrovr-1.1.798-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gl-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sq-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sl-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner-devel-1.9.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libtotem-plparser-devel-2.20.1-1.9mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hi-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fy-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-it-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-tr-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_CN-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_ES-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva rarian-0.8.0-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-en_GB-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-uk-3.0.15-0.1mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Ubuntu Ubuntu Linux 9.10 lpia * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.9.10.1_lpia.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_lpia.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.9.10.1_lpia.deb Ubuntu Ubuntu Linux 9.04 sparc * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.9.04.1_sparc.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.9.04.1_sparc.deb Ubuntu Ubuntu Linux 9.04 lpia * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.9.04.1_lpia.deb Ubuntu Ubuntu Linux 8.10 sparc * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.8.10.1_sparc.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_sparc.deb Debian Linux 5.0 armel * Debian xulrunner-1.9-dbg_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -dbg_1.9.0.15-0lenny1_armel.deb * Debian spidermonkey-bin_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey- bin_1.9.0.15-0lenny1_armel.deb * Debian xulrunner-dev_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev _1.9.0.15-0lenny1_armel.deb * Debian libmozjs1d-dbg_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-db g_1.9.0.15-0lenny1_armel.deb * Debian xulrunner-1.9_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 _1.9.0.15-0lenny1_armel.deb * Debian libmozjs-dev_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_ 1.9.0.15-0lenny1_armel.deb * Debian libmozjs1d_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1. 9.0.15-0lenny1_armel.deb * Debian xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -gnome-support_1.9.0.15-0lenny1_armel.deb * Debian python-xpcom_1.9.0.15-0lenny1_armel.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_ 1.9.0.15-0lenny1_armel.deb S.u.S.E. openSUSE 11.0 * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulr unner190-debuginfo-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/mozilla-xulrunn er190-debuginfo-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -translations-1.9.0.15-0.1.i586.rpm * S.u.S.E. MozillaFirefox-debugsource-3.0.15-0.1.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/MozillaFirefox -debugsource-3.0.15-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/mozilla-xulrun ner190-debuginfo-1.9.0.15-0.1.i586.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/MozillaFirefox-3.0 .15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulr unner190-debugsource-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- devel-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-64bit-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- gnomevfs-64bit-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -devel-1.9.0.15-0.1.i586.rpm * S.u.S.E. MozillaFirefox-debuginfo-3.0.15-0.1.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/MozillaFirefox- debuginfo-3.0.15-0.1.ppc.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/MozillaFirefox-trans lations-3.0.15-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-translations-32bit-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-translations-32bit-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-translations-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-32bit-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-32bit-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/MozillaFirefox-tra nslations-3.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -gnomevfs-1.9.0.15-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-devel-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/mozilla-xulrun ner190-debugsource-1.9.0.15-0.1.i586.rpm * S.u.S.E. MozillaFirefox-debuginfo-3.0.15-0.1.i586.rpm http://download.opensuse.org/debug/update/11.0/rpm/i586/MozillaFirefox -debuginfo-3.0.15-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-64bit-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- 64bit-1.9.0.15-0.1.ppc.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/MozillaFirefox-3.0.1 5-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- translations-1.9.0.15-0.1.ppc.rpm * S.u.S.E. MozillaFirefox-debugsource-3.0.15-0.1.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/MozillaFirefox- debugsource-3.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-translations-64bit-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- translations-64bit-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-32bit-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/MozillaFirefox-transl ations-3.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-1.9.0.15-0.1.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/debug/update/11.0/rpm/ppc/mozilla-xulrunn er190-debugsource-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.i586.rpm http://download.opensuse.org/update/11.0/rpm/i586/mozilla-xulrunner190 -1.9.0.15-0.1.i586.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- gnomevfs-1.9.0.15-0.1.ppc.rpm * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/mozilla-xulrunner190- 1.9.0.15-0.1.ppc.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.ppc.rpm http://download.opensuse.org/update/11.0/rpm/ppc/MozillaFirefox-3.0.15 -0.1.ppc.rpm Ubuntu Ubuntu Linux 9.10 amd64 * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_all.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_ 2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.10.1_amd64.deb Ubuntu Ubuntu Linux 9.04 amd64 * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_ 2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.9.04.1_amd64.deb Debian Linux 5.0 sparc * Debian xulrunner-dev_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev _1.9.0.15-0lenny1_sparc.deb * Debian xulrunner-1.9_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 _1.9.0.15-0lenny1_sparc.deb * Debian spidermonkey-bin_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey- bin_1.9.0.15-0lenny1_sparc.deb * Debian xulrunner-1.9-dbg_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -dbg_1.9.0.15-0lenny1_sparc.deb * Debian python-xpcom_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_ 1.9.0.15-0lenny1_sparc.deb * Debian libmozjs1d-dbg_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-db g_1.9.0.15-0lenny1_sparc.deb * Debian libmozjs-dev_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_ 1.9.0.15-0lenny1_sparc.deb * Debian xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -gnome-support_1.9.0.15-0lenny1_sparc.deb * Debian libmozjs1d_1.9.0.15-0lenny1_sparc.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1. 9.0.15-0lenny1_sparc.deb MandrakeSoft Linux Mandrake 2009.1 x86_64 * Mandriva google-gadgets-common-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-el-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fr-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eo-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-th-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-doc-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ar-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ga_IE-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ka-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nn_NO-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sr-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gu_IN-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fy-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ku-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64opensc2-0.11.7-1.7mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-it-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ro-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-te-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-extras-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sl-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-en_GB-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-af-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva google-gadgets-qt-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mn-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nl-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkmozembed-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_TW-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-tr-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva python-xpcom-1.9.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ru-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva mozilla-plugin-opensc-0.11.7-1.7mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_ES-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64google-gadgets-devel-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64ggadget-gtk1.0_0-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mr-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-beagle-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gda-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-he-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-crawl-system-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva epiphany-2.26.1-1.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva xulrunner-1.9.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ja-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-r-kiosk-0.7.2-2.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gdl-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cs-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cy-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fi-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pt_BR-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64opensc-devel-0.11.7-1.7mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bg-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pt_PT-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva mozilla-thunderbird-beagle-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64xulrunner-unstable-devel-1.9.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva google-gadgets-xul-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64ggadget-qt1.0_0-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gda-devel-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva epiphany-devel-2.26.1-1.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pl-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lv-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64xulrunner1.9-1.9.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lt-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ca-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64ggadget1.0_0-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64xulrunner-devel-1.9.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sk-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-gui-qt-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-scribefire-3.2.3-2.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-et-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-oc-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hi-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-be-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkhtml2-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-evolution-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nb_NO-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkspell-2.25.3-3.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-is-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-gui-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-id-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eu-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-de-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gl-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mk-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sq-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva opensc-0.11.7-1.7mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-uk-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-blogrovr-1.1.798-2.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_AR-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-foxmarks-2.7.2-2.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ko-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva google-gadgets-gtk-0.10.5-8.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_CN-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sv_SE-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ext-mozvoikko-0.9.6-2.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hu-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-da-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva yelp-2.26.0-3.5mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pa_IN-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-kn-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-theme-kde4ff-0.14-9.6mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-libs-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-si-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bn-3.0.15-0.1mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva beagle-epiphany-0.3.9-9.8mdv2009.1.x86_64.rpm http://www.mandriva.com/en/download/ Ubuntu Ubuntu Linux 8.10 i386 * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird- gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/thunderbird_ 2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_i386.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.10.1_all.deb S.u.S.E. openSUSE 11.1 * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner190 -1.9.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/mozilla-xulr unner190-debuginfo-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-branding-upstream-3.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-bra nding-upstream-3.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-3.0.1 5-0.1.2.i586.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-trans lations-3.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-32bit-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-32bit-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. python-xpcom190-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/python-xpcom190-1. 9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/mozilla-xulrunn er190-debugsource-1.9.0.15-0.1.2.ppc.rpm * S.u.S.E. MozillaFirefox-debugsource-3.0.15-0.1.2.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/MozillaFirefox- debugsource-3.0.15-0.1.2.ppc.rpm * S.u.S.E. MozillaFirefox-branding-upstream-3.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-brandi ng-upstream-3.0.15-0.1.2.ppc.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner190 -translations-1.9.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-translations-32bit-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-translations-32bit-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-debuginfo-3.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/MozillaFiref ox-debuginfo-3.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-debuginfo-3.0.15-0.1.2.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/MozillaFirefox -debuginfo-3.0.15-0.1.2.i586.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-3.0.15 -0.1.2.ppc.rpm * S.u.S.E. MozillaFirefox-debugsource-3.0.15-0.1.2.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/MozillaFirefox -debugsource-3.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/mozilla-xulrun ner190-debugsource-1.9.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner190- 1.9.0.15-0.1.2.ppc.rpm * S.u.S.E. python-xpcom190-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/python-xpcom190-1.9.0 .15-0.1.2.ppc.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-devel-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-debuginfo-3.0.15-0.1.2.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/MozillaFirefox- debuginfo-3.0.15-0.1.2.ppc.rpm * S.u.S.E. mozilla-xulrunner190-32bit-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-32bit-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/MozillaFirefox-transl ations-3.0.15-0.1.2.ppc.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner190 -gnomevfs-1.9.0.15-0.1.2.i586.rpm * S.u.S.E. MozillaFirefox-debugsource-3.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/MozillaFiref ox-debugsource-3.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/debug/update/11.1/rpm/i586/mozilla-xulrun ner190-debuginfo-1.9.0.15-0.1.2.i586.rpm * S.u.S.E. MozillaFirefox-3.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-3.0 .15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-32bit-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/mozilla-xulr unner190-debuginfo-32bit-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner190- devel-1.9.0.15-0.1.2.ppc.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-gnomevfs-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner190- translations-1.9.0.15-0.1.2.ppc.rpm * S.u.S.E. python-xpcom190-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/python-xpcom190-1.9. 0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-devel-1.9.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/mozilla-xulrunner190 -devel-1.9.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-translations-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner1 90-translations-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debugsource-1.9.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/mozilla-xulr unner190-debugsource-1.9.0.15-0.1.2.x86_64.rpm * S.u.S.E. mozilla-xulrunner190-debuginfo-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/debug/update/11.1/rpm/ppc/mozilla-xulrunn er190-debuginfo-1.9.0.15-0.1.2.ppc.rpm * S.u.S.E. MozillaFirefox-translations-3.0.15-0.1.2.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/MozillaFirefox-tra nslations-3.0.15-0.1.2.x86_64.rpm * S.u.S.E. MozillaFirefox-branding-upstream-3.0.15-0.1.2.i586.rpm http://download.opensuse.org/update/11.1/rpm/i586/MozillaFirefox-brand ing-upstream-3.0.15-0.1.2.i586.rpm * S.u.S.E. mozilla-xulrunner190-gnomevfs-1.9.0.15-0.1.2.ppc.rpm http://download.opensuse.org/update/11.1/rpm/ppc/mozilla-xulrunner190- gnomevfs-1.9.0.15-0.1.2.ppc.rpm MandrakeSoft Enterprise Server 5 * Mandriva firefox-pt_BR-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gl-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fy-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mn-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bg-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sr-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-af-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-gu_IN-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ku-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gda-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-uk-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-id-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lt-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-is-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hi-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ko-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner-devel-1.9.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pa_IN-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pl-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nb_NO-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_CN-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sl-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ar-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-en_GB-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-et-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ru-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fr-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-si-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkmozembed-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-th-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-it-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-kn-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ro-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner-unstable-devel-1.9.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-el-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-be-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-zh_TW-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_AR-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-extras-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-lv-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sk-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-bn-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ka-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gdl-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-he-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cs-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-te-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mr-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ca-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gda-devel-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sv_SE-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libxulrunner1.9-1.9.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-pt_PT-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-oc-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-tr-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-de-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eu-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva xulrunner-1.9.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-es_ES-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-sq-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkhtml2-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-mk-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-cy-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-fi-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nl-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-da-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ja-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva yelp-2.24.0-3.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-eo-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-ga_IE-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva gnome-python-gtkspell-2.19.1-20.11mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-hu-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ * Mandriva firefox-nn_NO-3.0.15-0.1mdvmes5.i586.rpm http://www.mandriva.com/en/download/ Debian Linux 5.0 s/390 * Debian libmozjs1d-dbg_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-db g_1.9.0.15-0lenny1_s390.deb * Debian python-xpcom_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_ 1.9.0.15-0lenny1_s390.deb * Debian xulrunner-1.9-dbg_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -dbg_1.9.0.15-0lenny1_s390.deb * Debian libmozjs1d_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1. 9.0.15-0lenny1_s390.deb * Debian xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -gnome-support_1.9.0.15-0lenny1_s390.deb * Debian libmozjs-dev_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_ 1.9.0.15-0lenny1_s390.deb * Debian spidermonkey-bin_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey- bin_1.9.0.15-0lenny1_s390.deb * Debian xulrunner-1.9_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 _1.9.0.15-0lenny1_s390.deb * Debian xulrunner-dev_1.9.0.15-0lenny1_s390.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev _1.9.0.15-0lenny1_s390.deb Ubuntu Ubuntu Linux 8.04 LTS lpia * Ubuntu mozilla-thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_all.deb * Ubuntu thunderbird-gnome-support_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-gnome-supp ort_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb * Ubuntu thunderbird_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird_2.0.0.24+b uild1+nobinonly-0ubuntu0.8.04.1_lpia.deb * Ubuntu thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb http://ports.ubuntu.com/pool/main/t/thunderbird/thunderbird-dev_2.0.0. 24+build1+nobinonly-0ubuntu0.8.04.1_lpia.deb * Ubuntu mozilla-thunderbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_all.deb http://security.ubuntu.com/ubuntu/pool/main/t/thunderbird/mozilla-thun derbird-dev_2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1_all.deb Slackware Linux 13.0 x86_64 * Slackware mozilla-firefox-3.5.4-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/mozilla-firefox-3.5.4-x86_64-1_slack13.0.txz Debian Linux 5.0 hppa * Debian libmozjs1d-dbg_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-db g_1.9.0.15-0lenny1_hppa.deb * Debian libmozjs-dev_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_ 1.9.0.15-0lenny1_hppa.deb * Debian xulrunner-1.9-dbg_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -dbg_1.9.0.15-0lenny1_hppa.deb * Debian xulrunner-dev_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev _1.9.0.15-0lenny1_hppa.deb * Debian xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 -gnome-support_1.9.0.15-0lenny1_hppa.deb * Debian libmozjs1d_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1. 9.0.15-0lenny1_hppa.deb * Debian python-xpcom_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_ 1.9.0.15-0lenny1_hppa.deb * Debian xulrunner-1.9_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9 _1.9.0.15-0lenny1_hppa.deb * Debian spidermonkey-bin_1.9.0.15-0lenny1_hppa.deb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey- bin_1.9.0.15-0lenny1_hppa.deb
    idSSV:19294
    last seen2017-11-19
    modified2010-03-19
    published2010-03-19
    reporterRoot
    titleMozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability