Vulnerabilities > CVE-2009-3984 - Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mozilla
nessus

Summary

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.

Vulnerable Configurations

Part Description Count
Application
Mozilla
158

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLA-XULRUNNER190-091217.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (1.9.0.16). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43388
    published2009-12-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43388
    titleSuSE 11 Security Update : XULRunner (SAT Patch Number 1716)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43388);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:35");
    
      script_cve_id("CVE-2009-3979", "CVE-2009-3981", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986");
    
      script_name(english:"SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing
    lots of bugs and various security issues.
    
    The following issues were fixed :
    
      - Crashes with evidence of memory corruption (1.9.0.16).
        (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981)
    
      - (bmo#487872) NTLM reflection vulnerability. (MFSA
        2009-68 / CVE-2009-3983)
    
      - (bmo#521461,bmo#514232) Location bar spoofing
        vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 /
        CVE-2009-3985)
    
      - (bmo#522430) Privilege escalation via chrome
        window.opener. (MFSA 2009-70 / CVE-2009-3986)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2009/mfsa2009-65.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2009/mfsa2009-68.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2009/mfsa2009-69.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.mozilla.org/security/announce/2009/mfsa2009-70.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=559807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3979.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3981.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3983.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3984.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3985.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-3986.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1716.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(94);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-gnomevfs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner190-translations-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner190-translations-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-gnomevfs-32bit-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-translations-32bit-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-gnomevfs-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner190-translations-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner190-32bit-1.9.0.16-0.1.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-878-1.NASL
    descriptionUSN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and adds additional stability fixes. We apologize for the inconvenience. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43824
    published2010-01-08
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43824
    titleUbuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-878-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-878-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43824);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2009-3388", "CVE-2009-3389", "CVE-2009-3979", "CVE-2009-3980", "CVE-2009-3982", "CVE-2009-3983", "CVE-2009-3984", "CVE-2009-3985", "CVE-2009-3986");
      script_bugtraq_id(37361, 37362, 37364, 37365, 37366, 37367, 37368, 37369, 37370);
      script_xref(name:"USN", value:"878-1");
    
      script_name(english:"Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-878-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream
    changes introduced a regression when using NTLM authentication. This
    update fixes the problem and adds additional stability fixes.
    
    We apologize for the inconvenience.
    
    Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay,
    and David James discovered several flaws in the browser and JavaScript
    engines of Firefox. If a user were tricked into viewing a malicious
    website, a remote attacker could cause a denial of service or possibly
    execute arbitrary code with the privileges of the user invoking the
    program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986)
    
    Takehiro Takahashi discovered flaws in the NTLM
    implementation in Firefox. If an NTLM authenticated user
    visited a malicious website, a remote attacker could send
    requests to other applications, authenticated as the user.
    (CVE-2009-3983)
    
    Jonathan Morgan discovered that Firefox did not properly
    display SSL indicators under certain circumstances. This
    could be used by an attacker to spoof an encrypted page,
    such as in a phishing attack. (CVE-2009-3984)
    
    Jordi Chancel discovered that Firefox did not properly
    display invalid URLs for a blank page. If a user were
    tricked into accessing a malicious website, an attacker
    could exploit this to spoof the location bar, such as in a
    phishing attack. (CVE-2009-3985)
    
    David Keeler, Bob Clary, and Dan Kaminsky discovered several
    flaws in third party media libraries. If a user were tricked
    into opening a crafted media file, a remote attacker could
    cause a denial of service or possibly execute arbitrary code
    with the privileges of the user invoking the program.
    (CVE-2009-3388, CVE-2009-3389).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/878-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(94, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:abrowser-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-venkman");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-branding");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-3.5-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.1-testsuite-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.0-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.1-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"abrowser-3.5-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-dom-inspector", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.0-venkman", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dbg", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.1-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-branding", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dbg", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-dev", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-3.5-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-dom-inspector", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"firefox-gnome-support", pkgver:"3.5.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dbg", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-gnome-support", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-1.9.1-testsuite-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"xulrunner-dev", pkgver:"1.9.1.7+nobinonly-0ubuntu0.9.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrowser / abrowser-3.0 / abrowser-3.0-branding / abrowser-3.1 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER190-6734.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (1.9.0.16). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id49898
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49898
    titleSuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091215_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60707
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60707
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-873-1.NASL
    descriptionJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43366
    published2009-12-21
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43366
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-873-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-338.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.5.x : liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to memory safety issues. (CVE-2009-3388) Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980). Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3982). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986). The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987). Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id48162
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48162
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:338)
  • NASL familyWindows
    NASL idSEAMONKEY_201.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.0.1. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in
    last seen2020-06-01
    modified2020-06-02
    plugin id43175
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43175
    titleSeaMonkey < 2.0.1 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3016.NASL
    descriptionThe installed version of Firefox is earlier than 3.0.16. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - The NTLM implementation is vulnerable to reflection attacks in which NTLM credentials from one application can be forwarded to another application. (MFSA 2009-68) - Multiple location bar spoofing vulnerabilities exist. (MFSA 2009-69) - A content window which is opened by a chrome window retains a reference to the chrome window via the
    last seen2020-06-01
    modified2020-06-02
    plugin id43173
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43173
    titleFirefox < 3.0.16 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-339.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.0.x : Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980). Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3981). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986). The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id43394
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43394
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:339)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-091217.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43386
    published2009-12-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43386
    titleSuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1709)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13366.NASL
    descriptionUpdate to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43339
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43339
    titleFedora 12 : Miro-2.5.2-7.fc12 / blam-1.8.5-21.fc12 / firefox-3.5.6-1.fc12 / galeon-2.0.7-19.fc12 / etc (2009-13366)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SEAMONKEY-091223.NASL
    descriptionThe Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption (1.9.0.16) - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - MFSA 2009-71/CVE-2009-3987: COM object enumeration only affects Windows operating systems.
    last seen2020-06-01
    modified2020-06-02
    plugin id43619
    published2010-01-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43619
    titleopenSUSE Security Update : seamonkey (seamonkey-1738)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-874-1.NASL
    descriptionJesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43367
    published2009-12-21
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43367
    titleUbuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-874-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6735.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id49889
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49889
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13333.NASL
    descriptionUpdate to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43334
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43334
    titleFedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-6733.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (rv:1.9.1.6). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982) - (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library. (MFSA 2009-66 / CVE-2009-3388) - (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library. (MFSA 2009-67 / CVE-2009-3389) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43397
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43397
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1674.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43171
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43171
    titleRHEL 4 / 5 : firefox (RHSA-2009:1674)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_356.NASL
    descriptionThe installed version of Firefox is 3.5.x earlier than 3.5.6. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. (MFSA 2009-65) - Multiple vulnerabilities in
    last seen2020-06-01
    modified2020-06-02
    plugin id43174
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43174
    titleFirefox 3.5 < 3.5.6 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-877-1.NASL
    descriptionUSN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and adds additional stability fixes. We apologize for the inconvenience. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43823
    published2010-01-08
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43823
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 regression (USN-877-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1956.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3986 : David James discovered that the window.opener property allows Chrome privilege escalation. - CVE-2009-3985 : Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. - CVE-2009-3984 : Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. - CVE-2009-3983 : Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. - CVE-2009-3981 : Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. - CVE-2009-3979 : Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id44821
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44821
    titleDebian DSA-1956-1 : xulrunner - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1674.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43356
    published2009-12-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43356
    titleCentOS 4 / 5 : firefox (CESA-2009:1674)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLAFIREFOX-091221.NASL
    descriptionThe Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption (1.9.0.16) - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
    last seen2020-06-01
    modified2020-06-02
    plugin id43396
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43396
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1673.NASL
    descriptionFrom Red Hat Security Advisory 2009:1673 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67974
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67974
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2009-1673)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091216_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id60709
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60709
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1674.NASL
    descriptionFrom Red Hat Security Advisory 2009:1674 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id67975
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67975
    titleOracle Linux 4 / 5 : firefox (ELSA-2009-1674)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER190-6736.NASL
    descriptionThe Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption (1.9.0.16). (MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981) - (bmo#487872) NTLM reflection vulnerability. (MFSA 2009-68 / CVE-2009-3983) - (bmo#521461, bmo#514232) Location bar spoofing vulnerabilities. (MFSA 2009-69 / CVE-2009-3984 / CVE-2009-3985) - (bmo#522430) Privilege escalation via chrome window.opener. (MFSA 2009-70 / CVE-2009-3986)
    last seen2020-06-01
    modified2020-06-02
    plugin id43399
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43399
    titleSuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLAFIREFOX-091217.NASL
    descriptionThe Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption (1.9.0.16) - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
    last seen2020-06-01
    modified2020-06-02
    plugin id43395
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43395
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13362.NASL
    descriptionUpdate to new upstream SeaMonkey version 2.0.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.1 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 CVE-2009-3388 CVE-2009-3389 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43336
    published2009-12-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43336
    titleFedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_MOZILLAFIREFOX-091217.NASL
    descriptionThe Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) - MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library - MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
    last seen2020-06-01
    modified2020-06-02
    plugin id43383
    published2009-12-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43383
    titleopenSUSE Security Update : MozillaFirefox (MozillaFirefox-1708)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1673.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43170
    published2009-12-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43170
    titleRHEL 3 / 4 : seamonkey (RHSA-2009:1673)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1673.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3979) A flaw was found in the SeaMonkey NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially crafted web page, they could send arbitrary requests, authenticated with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id43355
    published2009-12-21
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43355
    titleCentOS 4 : seamonkey (CESA-2009:1673)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_01C57D20EA2611DEBD3900248C9B4BE7.NASL
    descriptionMozilla Project reports : MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer overflow, crash in libtheora video library MFSA 2009-66 Memory safety fixes in liboggplay media library MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)
    last seen2020-06-01
    modified2020-06-02
    plugin id43176
    published2009-12-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43176
    titleFreeBSD : mozilla -- multiple vulnerabilities (01c57d20-ea26-11de-bd39-00248c9b4be7)

Oval

  • accepted2014-10-06T04:04:36.878-04:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameSergey Artykhov
      organizationALTX-SOFT
    • nameSergey Artykhov
      organizationALTX-SOFT
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    • nameEvgeniy Pavlov
      organizationALTX-SOFT
    definition_extensions
    • commentMozilla Firefox Mainline release is installed
      ovaloval:org.mitre.oval:def:22259
    • commentMozilla Seamonkey is installed
      ovaloval:org.mitre.oval:def:6372
    descriptionMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
    familywindows
    idoval:org.mitre.oval:def:8379
    statusaccepted
    submitted2010-01-07T17:30:00.000-05:00
    titleMozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
    version29
  • accepted2013-04-29T04:22:15.561-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
    familyunix
    idoval:org.mitre.oval:def:9791
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
    version27

Redhat

advisories
  • bugzilla
    id546722
    titleCVE-2009-3984 Mozilla SSL spoofing with document.location and empty SSL response page
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentseamonkey-devel is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673001
          • commentseamonkey-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609010
        • AND
          • commentseamonkey-dom-inspector is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673003
          • commentseamonkey-dom-inspector is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609008
        • AND
          • commentseamonkey is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673005
          • commentseamonkey is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609006
        • AND
          • commentseamonkey-chat is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673007
          • commentseamonkey-chat is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609004
        • AND
          • commentseamonkey-mail is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673009
          • commentseamonkey-mail is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609012
        • AND
          • commentseamonkey-js-debugger is earlier than 0:1.0.9-51.el4_8
            ovaloval:com.redhat.rhsa:tst:20091673011
          • commentseamonkey-js-debugger is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060609002
    rhsa
    idRHSA-2009:1673
    released2009-12-15
    severityCritical
    titleRHSA-2009:1673: seamonkey security update (Critical)
  • rhsa
    idRHSA-2009:1674
rpms
  • seamonkey-0:1.0.9-0.48.el3
  • seamonkey-0:1.0.9-51.el4_8
  • seamonkey-chat-0:1.0.9-0.48.el3
  • seamonkey-chat-0:1.0.9-51.el4_8
  • seamonkey-debuginfo-0:1.0.9-0.48.el3
  • seamonkey-debuginfo-0:1.0.9-51.el4_8
  • seamonkey-devel-0:1.0.9-0.48.el3
  • seamonkey-devel-0:1.0.9-51.el4_8
  • seamonkey-dom-inspector-0:1.0.9-0.48.el3
  • seamonkey-dom-inspector-0:1.0.9-51.el4_8
  • seamonkey-js-debugger-0:1.0.9-0.48.el3
  • seamonkey-js-debugger-0:1.0.9-51.el4_8
  • seamonkey-mail-0:1.0.9-0.48.el3
  • seamonkey-mail-0:1.0.9-51.el4_8
  • seamonkey-nspr-0:1.0.9-0.48.el3
  • seamonkey-nspr-devel-0:1.0.9-0.48.el3
  • seamonkey-nss-0:1.0.9-0.48.el3
  • seamonkey-nss-devel-0:1.0.9-0.48.el3
  • firefox-0:3.0.16-1.el5_4
  • firefox-0:3.0.16-4.el4
  • firefox-debuginfo-0:3.0.16-1.el5_4
  • firefox-debuginfo-0:3.0.16-4.el4
  • xulrunner-0:1.9.0.16-2.el5_4
  • xulrunner-debuginfo-0:1.9.0.16-2.el5_4
  • xulrunner-devel-0:1.9.0.16-2.el5_4
  • xulrunner-devel-unstable-0:1.9.0.16-2.el5_4

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 37367 CVE ID: CVE-2009-3984 Firefox是一款流行的开源WEB浏览器。 通过http:或file:等不安全协议所加载的页面将其document.location设置为响应204状态和空响应体的https: URL。不安全的网页接受地址栏边的SSL指示符,但没有对页面进行任何修改,这可能导致用户在访问不安全网页的时候误以为正在访问安全的网页。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1956-1)以及相应补丁: DSA-1956-1:New xulrunner packages fix several vulnerabilities 链接:http://www.debian.org/security/2009/dsa-1956 补丁下载: Source archives: http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.dsc Size/MD5 checksum: 1755 661a7213945541c3aff7c1225f4a4e4b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16.orig.tar.gz Size/MD5 checksum: 44158276 49eccba737701abfd9f0405dc91fb848 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.diff.gz Size/MD5 checksum: 116218 6d5380e0a12ea65cbfa98059641c5b1b Architecture independent packages: http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.16-1_all.deb Size/MD5 checksum: 1464570 40a5ae6f705fe11bb244e039804233ea alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_alpha.deb Size/MD5 checksum: 51094414 36f539011a5ee228fae0195020709cc7 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_alpha.deb Size/MD5 checksum: 432242 c5110bdb4836a6e20a9b9b8e6959c1e9 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_alpha.deb Size/MD5 checksum: 9494198 0139dd56d61b77e77316ab24937df305 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_alpha.deb Size/MD5 checksum: 938424 b52ef8d6a5671df01a179e42379af747 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_alpha.deb Size/MD5 checksum: 72044 2fe658f8d17e1547d7c18d7e382b1c02 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_alpha.deb Size/MD5 checksum: 163948 ee725d4c448ebf6d3c3def1ec0302e8a http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_alpha.deb Size/MD5 checksum: 3651674 4f728529795d19de42ee07c1a994d84e http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_alpha.deb Size/MD5 checksum: 221628 578247ecd3b3c21230b272fe446c85b8 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_alpha.deb Size/MD5 checksum: 112068 52292e961eea13ac499f0923f8f56afe amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_amd64.deb Size/MD5 checksum: 3288346 c4994fb96c217a3d16d718b919c5488a http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_amd64.deb Size/MD5 checksum: 151976 db96efb00277b2eae199c26b99ea043e http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_amd64.deb Size/MD5 checksum: 69948 db7a93f30248ee123430c0ec8fc51388 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_amd64.deb Size/MD5 checksum: 101544 804243e7ed5e3fadb407f16d9d78f081 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_amd64.deb Size/MD5 checksum: 890384 5dfe153e3eafca3a3590d44692088152 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_amd64.deb Size/MD5 checksum: 374232 dfee7250cbe693362d58228d815b17a1 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_amd64.deb Size/MD5 checksum: 50332174 0c1988f9cff6d4718d0965f6fe2ca00c http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_amd64.deb Size/MD5 checksum: 7724684 2ece5643c14ae34a0270d1bb740d0190 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_amd64.deb Size/MD5 checksum: 223014 368b9f81b97bedfd51ea46cef4bfed9c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_hppa.deb Size/MD5 checksum: 223372 f14b9641604130cbd1316684ce80eea4 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_hppa.deb Size/MD5 checksum: 72040 cee4430fd91f516a3a6b64a851cba9d1 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_hppa.deb Size/MD5 checksum: 898940 adc9f60d3478ac3efac390b54f758c08 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_hppa.deb Size/MD5 checksum: 413076 fa0451857abe00213b1c2fdbbeeb9216 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_hppa.deb Size/MD5 checksum: 158510 c33508922abba00e2db82b4330cfe556 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_hppa.deb Size/MD5 checksum: 51227746 215c15bee82bd5ee69c1603c93e47c74 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_hppa.deb Size/MD5 checksum: 3629732 24ae38db87e085986b45cbfbf51596b5 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_hppa.deb Size/MD5 checksum: 106760 9d9f796627813bf63d3d59cbc80cae94 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_hppa.deb Size/MD5 checksum: 9512538 053e525101326d09b2b302090b172496 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_i386.deb Size/MD5 checksum: 6603188 5a7d3778788b71f3214ed981d2158481 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_i386.deb Size/MD5 checksum: 141452 0281b88b7c5efcd28e70283d9083a78c http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_i386.deb Size/MD5 checksum: 350878 d2977664d676cf868f1945c7949ff91b http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_i386.deb Size/MD5 checksum: 3565586 3a069b19bc73d53ace1bd816412b4672 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_i386.deb Size/MD5 checksum: 851826 a7b7b5596d788b006125e1af9f50b9e2 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_i386.deb Size/MD5 checksum: 223270 46166eab3e8d094223f19cf7024f00f5 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_i386.deb Size/MD5 checksum: 49496458 37d985ecce882e81a20e797ad1ea3618 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_i386.deb Size/MD5 checksum: 68158 8b79e51fcd2e87aba9db39b000027e5f http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_i386.deb Size/MD5 checksum: 79204 52f55479a92095e5e410680a64c35a69 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_ia64.deb Size/MD5 checksum: 223178 56b4d13963a5417365ac98e7cb68f9c2 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_ia64.deb Size/MD5 checksum: 180234 118576ab26bd4bc6e98a32574d30aa21 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_ia64.deb Size/MD5 checksum: 76530 5d78eca360e0d75cb28ca38fed899d91 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_ia64.deb Size/MD5 checksum: 811202 72192683bea462cc1f5f672c7988d9e9 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_ia64.deb Size/MD5 checksum: 121554 ac350b3e945c3d6b619d07f099af37ce http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_ia64.deb Size/MD5 checksum: 3397796 8d200fb548f982d0752ade5d0c28f593 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_ia64.deb Size/MD5 checksum: 49671280 16b4ad4e4ab3f9eab9ff83baf69e098f http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_ia64.deb Size/MD5 checksum: 11302800 b071e5b863130a778ab494c853617ca6 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_ia64.deb Size/MD5 checksum: 542146 141726b2753b7921fed58c5ffba4c2df mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mips.deb Size/MD5 checksum: 918282 528a68827030f8761ab114e74fafc1e4 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mips.deb Size/MD5 checksum: 3308002 bf1f6036812f8848332a98197b46e8ac http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mips.deb Size/MD5 checksum: 223192 2c1f794ad7ff07396a5290c0fb39885d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mips.deb Size/MD5 checksum: 97104 2bdf01e5ce9380788078e3da3dce886a http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mips.deb Size/MD5 checksum: 69950 5e7d343695b4b895020e7346daf6dad8 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mips.deb Size/MD5 checksum: 51850028 8d341a8e7ef18c24778b61ae228dfcd7 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mips.deb Size/MD5 checksum: 380128 d1394d5bbc20bb7822aede419206733d http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mips.deb Size/MD5 checksum: 145388 263d12d202370293e8eb3b4c5374365d http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mips.deb Size/MD5 checksum: 7649668 6d6cf7e6a00da066b8e5fbdeba9d61ed mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 145050 ebdb58e0370aef9bef4ebf5f2736f4ad http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 223200 caf058f99c969d46b9a7a40f0d0e3fc8 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 7375656 83fea69a0f228bdd1f346cae0e4fce83 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 3309390 02be3ae69ff0bb0e74511c90e65ee397 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 900198 c47c7a1172694e5bba824f8d8f0da98e http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 49967230 1aa11add1436ac50da0e7098b7858fcf http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 96810 d1d70a9ac6cd40722fd448822bb41d42 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 69892 1b8c2bd977102cfa5e84e227fbb95324 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mipsel.deb Size/MD5 checksum: 378640 18bf07b633c1eaa5a6766e0043491e1d powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 223186 a98c3d606008370b58426e68aa1d74eb http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 73036 420365b25bd6586f30ad15a532b7f711 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 3283746 eb8cd1cc29aad06c45f912b39dd1d35c http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 7276356 1ff0a306c07d06af8692c569e65e4370 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 887834 00ddf03b5858a38abb4c1268e14b8deb http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 362562 403794ddb64118af431bae437aa83f55 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 94824 68a744cc480c2bb91e5fccd0bbe2b8f7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 51392064 99becd6b3e9926f6b9ad06d35273bb96 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_powerpc.deb Size/MD5 checksum: 152322 5496044d62fc184a0207d8a1f7b16528 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_s390.deb Size/MD5 checksum: 105586 a049e14abd47bd52222d230d0ab5a779 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_s390.deb Size/MD5 checksum: 406744 93ef047be735be315259b074218e86d7 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_s390.deb Size/MD5 checksum: 8389742 4eb282c84e3c7e9f152e4039517d1937 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_s390.deb Size/MD5 checksum: 223184 7286a158dab58e76054ed3af5ec04a09 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_s390.deb Size/MD5 checksum: 909268 db230812204f07871e429bd7905ec502 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_s390.deb Size/MD5 checksum: 72922 3c5bedcaba5e9ea016983a0f00f54f7c http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_s390.deb Size/MD5 checksum: 156154 3b6f6e83b5019f2b85ede8d18e7bb108 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_s390.deb Size/MD5 checksum: 3306442 8c65f811bc4738b29e2b380e278cacc4 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_s390.deb Size/MD5 checksum: 51168676 4707184c455836b99d06075a06776866 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_sparc.deb Size/MD5 checksum: 88242 41d0bc936d44d0ae634785b40612c795 http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_sparc.deb Size/MD5 checksum: 143282 658b3bbe4a734b9b1b17d7427d61baec http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_sparc.deb Size/MD5 checksum: 49355150 e2f70f19c1e526dc0bd2b324d25476e8 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_sparc.deb Size/MD5 checksum: 350094 0dcf1d199dabaa5207adfd370f391592 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_sparc.deb Size/MD5 checksum: 3577426 9c84a634aacd4ec64592ca24f5bec695 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_sparc.deb Size/MD5 checksum: 223282 4ca30dc0fc7989ee4045df25fa3df454 http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_sparc.deb Size/MD5 checksum: 7175610 7ed182660d5e25fd16ffd5e65e3af587 http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_sparc.deb Size/MD5 checksum: 821316 6fc3418c8abe57536e00b579970efaf9 http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_sparc.deb Size/MD5 checksum: 69406 9a525e6314a592841214dc2c77186c8c 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/ RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1673-01)以及相应补丁: RHSA-2009:1673-01:Critical: seamonkey security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1673.html
idSSV:15106
last seen2017-11-19
modified2009-12-18
published2009-12-18
reporterRoot
titleFirefox不安全协议地址栏欺骗漏洞