Vulnerabilities > CVE-2010-2754 - Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-930-5.NASL description USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the last seen 2020-06-01 modified 2020-06-02 plugin id 47825 published 2010-07-26 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47825 title Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-930-5. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(47825); script_version("1.14"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2008-5913", "CVE-2010-0654", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1203", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754"); script_bugtraq_id(33276, 38952, 40701, 41055, 41082, 41087, 41090, 41093, 41094, 41099, 41102, 41103, 41174, 41842, 41845, 41849, 41852, 41853, 41859, 41860, 41866, 41871, 41872, 41878); script_xref(name:"USN", value:"930-5"); script_name(english:"Ubuntu 9.04 / 9.10 : ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update (USN-930-5)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197) Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites. (CVE-2008-5913) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/930-5/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-gcj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-optional"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ant-optional-gcj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apturl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-browser-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:epiphany-gecko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gstreamer0.10-packagekit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgluezilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-glib-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-glib11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-qt-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpackagekit-qt11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liferea"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liferea-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-packagekit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozvoikko"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-apt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-smart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:packagekit-backend-yum"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-eggtrayicon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gksu2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gnome2-extras-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkhtml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkhtml2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkmozembed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-gtkspell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-packagekit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ubufox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:webfav"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:yelp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/01/20"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.04 / 9.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"9.04", pkgname:"ant", pkgver:"1.7.1-0ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ant-doc", pkgver:"1.7.1-0ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ant-gcj", pkgver:"1.7.1-0ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ant-optional", pkgver:"1.7.1-0ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ant-optional-gcj", pkgver:"1.7.1-0ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"apturl", pkgver:"0.3.3ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-data", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-dbg", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"epiphany-browser-dev", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"epiphany-gecko", pkgver:"2.26.1-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"gstreamer0.10-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"icedtea6-plugin", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libgluezilla", pkgver:"2.0-1ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-glib-dev", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-glib11", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-qt-dev", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libpackagekit-qt11", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"liferea", pkgver:"1.4.26-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"liferea-dbg", pkgver:"1.4.26-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"mozilla-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"mozvoikko", pkgver:"0.9.5-1ubuntu2.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-dbg", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-demo", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-doc", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jdk", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-source", pkgver:"6b18-1.8-4ubuntu3~9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-apt", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-smart", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"packagekit-backend-yum", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-dbg", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-dev", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gnome2-extras-doc", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gtkhtml2", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-gtkhtml2-dbg", pkgver:"2.19.1-0ubuntu14.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-packagekit", pkgver:"0.3.14-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ubufox", pkgver:"0.9~rc2-0ubuntu0.9.04.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"webfav", pkgver:"1.11-0ubuntu1.9.04.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"yelp", pkgver:"2.25.1-0ubuntu5.9.04.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ant", pkgver:"1.7.1-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ant-doc", pkgver:"1.7.1-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ant-gcj", pkgver:"1.7.1-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ant-optional", pkgver:"1.7.1-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ant-optional-gcj", pkgver:"1.7.1-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"icedtea6-plugin", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"mozvoikko", pkgver:"1.0-1ubuntu3.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-dbg", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-demo", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-doc", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jdk", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-source", pkgver:"6b18-1.8-4ubuntu3~9.10.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-eggtrayicon", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gda", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gdl", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gksu2", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras-dbg", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gnome2-extras-dev", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gtkhtml2", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gtkmozembed", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-gtkspell", pkgver:"2.25.3-3ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ubufox", pkgver:"0.9~rc2-0ubuntu0.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"webfav", pkgver:"1.16-0ubuntu1.9.10.1")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"yelp", pkgver:"2.28.0-0ubuntu2.9.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ant / ant-doc / ant-gcj / ant-optional / ant-optional-gcj / apturl / etc"); }NASL family Windows NASL id MOZILLA_FIREFOX_367.NASL description The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 47782 published 2010-07-22 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47782 title Firefox 3.6 < 3.6.7 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47782); script_version("1.20"); script_cvs_date("Date: 2018/07/16 14:09:14"); script_cve_id( "CVE-2010-0654", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754" ); script_bugtraq_id( 41842, 41845, 41849, 41852, 41853, 41859, 41860, 41865, 41866, 41868, 41871, 41872, 41878, 41968 ); script_xref(name:"Secunia", value:"39925"); script_xref(name:"Secunia", value:"40283"); script_name(english:"Firefox 3.6 < 3.6.7 Multiple Vulnerabilities"); script_summary(english:"Checks version of Firefox"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla's 'NodeIterator' implementation could lead to arbitrary code execution. (MFSA 2010-36) - An error in the code to store the names and values of plugin parameters could lead arbitrary code execution. (MFSA 2010-37) - It may be possible to run arbitrary JavaScript with chrome privileges using SJOW and fast native function. (MFSA 2010-38) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL <tree> element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - The canvas element can be used to read data from another site leading to a same-origin bypass vulnerability. (MFSA 2010-43) - Characters mapped to U+FFFD in 8 bit encodings could cause subsequent characters to disappear, potentially contributing to cross-site scripting issues on certain websites. (MFSA 2010-44) - Multiple location bar spoofing vulnerabilities exist. (MFSA 2010-45) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/"); script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 3.6.7 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/23"); # (MFSA 2010-46) script_set_attribute(attribute:"patch_publication_date", value:"2010/07/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'3.6.7', min:'3.6', severity:SECURITY_HOLE);NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8C2EA875949911DF8E32000F20797EDE.NASL description The Mozilla Project reports : MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability MFSA 2010-38 Arbitrary code execution using SJOW and fast native function MFSA 2010-39 nsCSSValue::Array index integer overflow MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability MFSA 2010-41 Remote code execution using malformed PNG image MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts MFSA 2010-43 Same-origin bypass using canvas context MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish MFSA 2010-45 Multiple location bar spoofing vulnerabilities MFSA 2010-46 Cross-domain data theft using CSS MFSA 2010-47 Cross-origin data leakage from script filename in error messages last seen 2020-06-01 modified 2020-06-02 plugin id 47794 published 2010-07-22 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47794 title FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(47794); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:40"); script_cve_id("CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754"); script_name(english:"FreeBSD : mozilla -- multiple vulnerabilities (8c2ea875-9499-11df-8e32-000f20797ede)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Mozilla Project reports : MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11) MFSA 2010-35 DOM attribute cloning remote code execution vulnerability MFSA 2010-36 Use-after-free error in NodeIterator MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability MFSA 2010-38 Arbitrary code execution using SJOW and fast native function MFSA 2010-39 nsCSSValue::Array index integer overflow MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability MFSA 2010-41 Remote code execution using malformed PNG image MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts MFSA 2010-43 Same-origin bypass using canvas context MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish MFSA 2010-45 Multiple location bar spoofing vulnerabilities MFSA 2010-46 Cross-domain data theft using CSS MFSA 2010-47 Cross-origin data leakage from script filename in error messages" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-34.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-35.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-35/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-36.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-36/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-37.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-37/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-38.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-39.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-40.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-41.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-42.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-43.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-44.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-45.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-45/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-46.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/" ); # http://www.mozilla.org/security/announce/2010/mfsa2010-47.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/" ); # https://vuxml.freebsd.org/freebsd/8c2ea875-9499-11df-8e32-000f20797ede.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bc98ecc0" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/20"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox>3.6.*,1<3.6.7,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"firefox>3.5.*,1<3.5.11,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox<3.6.7,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-firefox-devel<3.5.11")) flag++; if (pkg_test(save_report:TRUE, pkg:"seamonkey>2.0.*<2.0.6")) flag++; if (pkg_test(save_report:TRUE, pkg:"thunderbird>=3.0<3.0.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Windows NASL id MOZILLA_THUNDERBIRD_311.NASL description The installed version of Thunderbird is earlier than 3.1.1. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - It may be possible to run arbitrary JavaScript with chrome privileges using SJOW and fast native function. (MFSA 2010-38) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 47784 published 2010-07-21 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47784 title Mozilla Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(47784); script_version("1.20"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_cve_id("CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1207", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1215", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754"); script_bugtraq_id(41852, 41853, 41859, 41860, 41866, 41871, 41872, 41878); script_xref(name:"Secunia", value:"40642"); script_name(english:"Mozilla Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a mail client that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of Thunderbird is earlier than 3.1.1. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - It may be possible to run arbitrary JavaScript with chrome privileges using SJOW and fast native function. (MFSA 2010-38) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the 'selection' attribute of XUL <tree> element. (MFSA 2010-40) - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution. (MFSA 2010-41) - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42) - The canvas element can be used to read data from another site leading to a same-origin bypass vulnerability. (MFSA 2010-43) - Characters mapped to U+FFFD in 8 bit encodings could cause subsequent characters to disappear, potentially contributing to cross-site scripting issues on certain websites. (MFSA 2010-44) - It is possible to read data across domains by injecting bogus CSS selectors into a target site. (MFSA 2010-46) - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-34/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-38/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-39/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-40/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-42/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-43/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-44/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-46/"); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2010-47/"); script_set_attribute(attribute:"solution", value:"Upgrade to Thunderbird 3.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94); script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/23"); # (MFSA 2010-46) script_set_attribute(attribute:"patch_publication_date", value:"2010/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'3.1.1', min:'3.1.0', severity:SECURITY_HOLE);NASL family Scientific Linux Local Security Checks NASL id SL_20100720_FIREFOX_ON_SL4_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60818 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60818 title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLATHUNDERBIRD-100721.NASL description This update brings Mozilla Thunderbird to the 3.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75658 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75658 title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-957-1.NASL description Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47826 published 2010-07-26 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47826 title Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities (USN-957-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLA-XULRUNNER191-100722.NASL description This update brings Mozilla XULRunner to the 1.9.1.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75669 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75669 title openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-169.NASL description Multiple vulnerabilities has been found and corrected in mozilla-thunderbird : dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script last seen 2020-06-01 modified 2020-06-02 plugin id 49099 published 2010-09-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49099 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:169) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-930-4.NASL description USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754) If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121) Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203) A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198) An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196) Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199) Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125) Ilja van Sprundel discovered that the last seen 2020-06-01 modified 2020-06-02 plugin id 47824 published 2010-07-26 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47824 title Ubuntu 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities (USN-930-4) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-957-2.NASL description USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755) This update fixes the problem. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214) A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215) An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207) O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210) Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206) Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751) Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47856 published 2010-07-27 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47856 title Ubuntu 8.04 LTS / 10.04 LTS : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-957-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0547.NASL description From Red Hat Security Advisory 2010:0547 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68068 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68068 title Oracle Linux 4 / 5 : firefox (ELSA-2010-0547) NASL family Fedora Local Security Checks NASL id FEDORA_2010-11345.NASL description Update to new upstream Firefox version 3.6.7, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox36.html#firefox3.6.7 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1212 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47809 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47809 title Fedora 13 : firefox-3.6.7-1.fc13 / galeon-2.0.7-30.fc13 / gnome-python2-extras-2.25.3-20.fc13 / etc (2010-11345) NASL family Fedora Local Security Checks NASL id FEDORA_2010-11361.NASL description Update to new upstream Thunderbird version 3.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security /known-vulnerabilities/thunderbird30.html#thunderbird3.0.5 http://www.mozilla.org/security/known- vulnerabilities/thunderbird30.html#thunderbird3.0.6 Update also includes sunbird package rebuilt against new version of Thunderbird. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47810 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47810 title Fedora 12 : sunbird-1.0-0.23.20090916hg.fc12 / thunderbird-3.0.6-1.fc12 (2010-11361) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0546.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 48342 published 2010-08-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48342 title CentOS 3 : seamonkey (CESA-2010:0546) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-100722.NASL description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 50874 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50874 title SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2780 / 2781) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-958-1.NASL description Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-1211, CVE-2010-1212) An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752) An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753) Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-1213) Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-0654) Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47857 published 2010-07-27 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47857 title Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0547.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47806 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47806 title CentOS 4 / 5 : firefox (CESA-2010:0547) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0547.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753) A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205) Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754) A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206) A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47881 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47881 title RHEL 4 / 5 : firefox (RHSA-2010:0547) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0545.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 63939 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63939 title RHEL 5 : thunderbird (RHSA-2010:0545) NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLAFIREFOX-100722.NASL description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 47907 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47907 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3) NASL family Windows NASL id SEAMONKEY_206.NASL description The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 47785 published 2010-07-21 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47785 title SeaMonkey < 2.0.6 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_2_MOZILLATHUNDERBIRD-100721.NASL description This update brings Mozilla Thunderbird to the 3.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 47868 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47868 title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2) NASL family SuSE Local Security Checks NASL id SUSE_11_2_SEAMONKEY-100721.NASL description This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 47854 published 2010-07-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47854 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0544.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 47879 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47879 title RHEL 4 : thunderbird (RHSA-2010:0544) NASL family Fedora Local Security Checks NASL id FEDORA_2010-11363.NASL description Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47811 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47811 title Fedora 12 : seamonkey-2.0.6-1.fc12 (2010-11363) NASL family Windows NASL id MOZILLA_FIREFOX_3511.NASL description The installed version of Firefox is earlier than 3.5.11. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning could result in arbitrary code execution. (MFSA 2010-35) - An error in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 47781 published 2010-07-22 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47781 title Firefox < 3.5.11 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0544.NASL description From Red Hat Security Advisory 2010:0544 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 68066 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68066 title Oracle Linux 4 : thunderbird (ELSA-2010-0544) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0546.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 47880 published 2010-07-28 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47880 title RHEL 3 / 4 : seamonkey (RHSA-2010:0546) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0545.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 47805 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47805 title CentOS 5 : thunderbird (CESA-2010:0545) NASL family Scientific Linux Local Security Checks NASL id SL_20100720_THUNDERBIRD_ON_SL4_X.NASL description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 60821 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60821 title Scientific Linux Security Update : thunderbird on SL4.x i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2075.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. - CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. - CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. - CVE-2010-1208 last seen 2020-06-01 modified 2020-06-02 plugin id 47889 published 2010-07-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47889 title Debian DSA-2075-1 : xulrunner - several vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20100720_SEAMONKEY_ON_SL3_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60820 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60820 title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2010-11375.NASL description Update to new upstream Firefox version 3.5.11, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.html#firefox3.5.11 Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner. CVE-2010-1211 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47812 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47812 title Fedora 12 : firefox-3.5.11-1.fc12 / galeon-2.0.7-24.fc12 / gnome-python2-extras-2.25.3-19.fc12 / etc (2010-11375) NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-7101.NASL description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain circumstances, and it is presumed that with enough effort at least some of these could be exploited to run arbitrary code. . (MFSA 2010-34 / CVE-2010-1211) - An error in the DOM attribute cloning routine has been reported, where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory. . (MFSA 2010-35 / CVE-2010-1208) - An error in Mozilla last seen 2020-06-01 modified 2020-06-02 plugin id 49894 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49894 title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101) NASL family Scientific Linux Local Security Checks NASL id SL_20100720_THUNDERBIRD_ON_SL5_X.NASL description A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1205) Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 60822 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60822 title Scientific Linux Security Update : thunderbird on SL5.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2010-11327.NASL description Update to new upstream SeaMonkey version 2.0.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47807 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47807 title Fedora 13 : seamonkey-2.0.6-1.fc13 (2010-11327) NASL family Windows NASL id MOZILLA_THUNDERBIRD_306.NASL description The installed version of Thunderbird is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39) - An integer overflow vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 47783 published 2010-07-21 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47783 title Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-100721.NASL description This update brings Mozilla SeaMonkey to the 2.0.6 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75731 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75731 title openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_MOZILLAFIREFOX-100727.NASL description This update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 75646 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/75646 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Fedora Local Security Checks NASL id FEDORA_2010-11379.NASL description Update to new upstream Thunderbird version 3.1.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/announce/ Update also includes sunbird package rebuilt against new version of Thunderbird. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47813 published 2010-07-23 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47813 title Fedora 13 : sunbird-1.0-0.26.b2pre.fc13 / thunderbird-3.1.1-1.fc13 (2010-11379) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0546.NASL description From Red Hat Security Advisory 2010:0546 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214) A memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205) A same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754) A flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68067 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68067 title Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0546) NASL family SuSE Local Security Checks NASL id SUSE_11_1_MOZILLAFIREFOX-100722.NASL description This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. MFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint last seen 2020-06-01 modified 2020-06-02 plugin id 47906 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47906 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0544.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753) An integer overflow flaw was found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1199) Several use-after-free flaws were found in Thunderbird. Viewing an HTML mail message containing malicious content could result in Thunderbird executing arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177) A flaw was found in the way Thunderbird plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-1198) A flaw was found in the way Thunderbird handled the last seen 2020-06-01 modified 2020-06-02 plugin id 48266 published 2010-08-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48266 title CentOS 4 : thunderbird (CESA-2010:0544)
Oval
| accepted | 2014-10-06T04:00:21.979-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11770 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2010-07-21T17:30:00.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title | Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| version | 41 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 41860 CVE ID: CVE-2010-2754 Firefox是一款流行的开源WEB浏览器。 Firefox中的脚本出错处理方式会显示错误的来源,其中可能包含有敏感信息。假设 http://SampleSite.com/admin.asp 页面使用了以下逻辑: 1- 如果用户没有登录,重新定向到登录页面。 2- 如果用户不是管理员,重新定向到拒绝访问页面。 3- 如果用户为管理员,显示管理员菜单。 攻击者可以使用跨站URL劫持技术确认用户在SampleSite.com所处的状态,并继续执行有针对性的攻击。 Mozilla Firefox 3.6.x Mozilla Firefox 3.5.x Mozilla Thunderbird 3.1.x Mozilla Thunderbird 3.0.x Mozilla SeaMonkey < 2.0.6 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/ RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2010:0546-01)以及相应补丁: RHSA-2010:0546-01:Critical: seamonkey security update 链接:https://www.redhat.com/support/errata/RHSA-2010-0546.html |
| id | SSV:19991 |
| last seen | 2017-11-19 |
| modified | 2010-07-27 |
| published | 2010-07-27 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-19991 |
| title | Mozilla Firefox出错消息脚本文件名信息泄露漏洞 |