Vulnerabilities > CVE-2011-2986 - Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mozilla
CWE-200
nessus
NVD
Published: 2011-08-18
Updated: 2017-09-19

Summary

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

Vulnerable Configurations

Part Description Count
Application
Mozilla
208

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLAFIREFOX-110819.NASL
    descriptionMozilla Firefox was updated to version 6. It brings new features, fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla Foundation Security Advisory 2011-29 (MFSA 2011-29) dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Miscellaneous memory safety hazards: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman reported a WebGL crash which affected Firefox 4 and Firefox 5. (CVE-2011-2989) Vivekanand Bolajwar reported a JavaScript crash which affected Firefox 4 and Firefox 5. (CVE-2011-2991) Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected Firefox 4 and Firefox 5. (CVE-2011-2992) Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985) dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993) dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988) dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id75945
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75945
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaFirefox-5020.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75945);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2011-0084", "CVE-2011-2985", "CVE-2011-2986", "CVE-2011-2987", "CVE-2011-2988", "CVE-2011-2989", "CVE-2011-2990", "CVE-2011-2991", "CVE-2011-2992", "CVE-2011-2993");

  script_name(english:"openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)");
  script_summary(english:"Check for the MozillaFirefox-5020 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla Firefox was updated to version 6.

It brings new features, fixes bugs and security issues. Following
security issues were fixed:
http://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla
Foundation Security Advisory 2011-29 (MFSA 2011-29)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo
Miscellaneous memory safety hazards: Mozilla identified and fixed
several memory safety bugs in the browser engine used in Firefox 4,
Firefox 5 and other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be
exploited to run arbitrary code.

Aral Yaman reported a WebGL crash which affected Firefox 4 and Firefox
5. (CVE-2011-2989)

Vivekanand Bolajwar reported a JavaScript crash which affected Firefox
4 and Firefox 5. (CVE-2011-2991)

Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg
reader which affected Firefox 4 and Firefox 5. (CVE-2011-2992)

Mozilla developers and community members Robert Kaiser, Jesse
Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory
safety issues which affected Firefox 4 and Firefox 5. (CVE-2011-2985)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Unsigned
scripts can call script inside signed JAR Rafael Gieschke reported
that unsigned JavaScript could call into script inside a signed JAR
thereby inheriting the identity of the site that signed the JAR as
well as any permissions that a user had granted the signed JAR.
(CVE-2011-2993)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo String
crash using WebGL shaders Michael Jordon of Context IS reported that
an overly long shader program could cause a buffer overrun and crash
in a string class used to store the shader source code.
(CVE-2011-2988)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Heap
overflow in ANGLE library Michael Jordon of Context IS reported a
potentially exploitable heap overflow in the ANGLE library used by
Mozilla's WebGL implementation. (CVE-2011-2987)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo Crash in
SVGTextElement.getCharNumAtPosition() Security researcher regenrecht
reported via TippingPoint's Zero Day Initiative that a SVG text
manipulation routine contained a dangling pointer vulnerability.
(CVE-2011-0084)

dbg114-MozillaFirefox-5020 MozillaFirefox-5020 new_updateinfo
Credential leakage using Content Security Policy reports Mike Cardwell
reported that Content Security Policy violation reports failed to
strip out proxy authorization credentials from the list of request
headers. Daniel Veditz reported that redirecting to a website with
Content Security Policy resulted in the incorrect resolution of hosts
in the constructed policy. (CVE-2011-2990) dbg114-MozillaFirefox-5020
MozillaFirefox-5020 new_updateinfo Cross-origin data theft using
canvas and Windows D2D nasalislarvatus3000 reported that when using
Windows D2D hardware acceleration, image data from one domain could be
inserted into a canvas and read by a different domain. (CVE-2011-2986)"
  );
  # http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2011-29/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=712224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaFirefox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-branding-upstream-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-buildsymbols-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-debuginfo-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-debugsource-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-devel-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-translations-common-6.0-2.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"MozillaFirefox-translations-other-6.0-2.2.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_60.NASL
    descriptionThe installed version of Firefox is earlier than 6.0 and thus, is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992) - A cross-origin data theft vulnerability exists when using canvas and Windows D2D hardware acceleration. (CVE-2011-2986) - A heap overflow vulnerability exists in WebGL
    last seen2020-06-01
    modified2020-06-02
    plugin id55902
    published2011-08-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55902
    titleFirefox < 6.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_23.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.3.0. Such versions are potentially affected by the following security issues : - An error in SVG text manipulation code creates a dangling pointer vulnerability. (CVE-2011-0084) - Multiple, unspecified memory safety issues exist. (CVE-2011-2985) - An error in the D2D hardware acceleration code can allow image data from one domain to be read by another domain. (CVE-2011-2986) - An error in the ANGLE library used by the WebGL implementation can allow heap overflows, possibly leading to code execution. (CVE-2011-2987) - An error in the shader program handling code can allow a large shader program to overflow a buffer and crash. (CVE-2011-2988) - An unspecified error exists related to WebGL. (CVE-2011-2989) - Two errors exist related to Content Security Policy and can lead to information disclosure. (CVE-2011-2990) - An unspecified error exists that can allow JavaScript crashes. (CVE-2011-2991) - An unspecified error exists that can allow the Ogg reader to crash. (CVE-2011-2992) - An unspecified error exists that can allow unsigned JavaScript to call into a signed JAR and inherit the signed JAR
    last seen2020-06-01
    modified2020-06-02
    plugin id55885
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55885
    titleSeaMonkey < 2.3.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-254.NASL
    descriptionChanges in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7
    last seen2020-06-05
    modified2014-06-13
    plugin id74612
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74612
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_80.NASL
    descriptionThe installed version of Thunderbird is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56753
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56753
    titleMozilla Thunderbird < 8.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_60.NASL
    descriptionThe installed version of Thunderbird is earlier than 6.0 and thus, is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine that may permit remote code execution. (CVE-2011-2985, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992) - A dangling pointer vulnerability exists in an SVG text manipulation routine. (CVE-2011-0084) - A buffer overflow vulnerability exists in WebGL when using an overly long shader program. (CVE-2011-2988) - A heap overflow vulnerability exists in WebGL
    last seen2020-06-01
    modified2020-06-02
    plugin id55887
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55887
    titleMozilla Thunderbird < 6.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_80.NASL
    descriptionThe installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56751
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56751
    titleFirefox < 8.0 Multiple Vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_834591A9C82F11E0897D6C626DD55A41.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20
    last seen2020-06-01
    modified2020-06-02
    plugin id55878
    published2011-08-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55878
    titleFreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_SEAMONKEY-110819.NASL
    descriptionMozilla SeaMonkey suite was updated to version 2.3. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33 dbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman reported a WebGL crash which affected SeaMonkey 2.2. (CVE-2011-2989) Vivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991) Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992) Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985) dbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993) dbg114-seamonkey-5024 new_updateinfo seamonkey-5024 String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988) dbg114-seamonkey-5024 new_updateinfo seamonkey-5024 Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id76020
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76020
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-110819.NASL
    descriptionMozilla SeaMonkey suite was updated to version 2.3. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 (MFSA 2011-33) Mozilla Foundation Security Advisory 2011-33 - Miscellaneous memory safety hazards (rv:4.0) Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman reported a WebGL crash which affected SeaMonkey 2.2. (CVE-2011-2989) Vivekanand Bolajwar reported a JavaScript crash which affected SeaMonkey 2.2. (CVE-2011-2991) Bert Hubert and Theo Snelleman of Fox-IT reported a crash in the Ogg reader which affected SeaMonkey 2.2. (CVE-2011-2992) Mozilla developers and community members Robert Kaiser, Jesse Ruderman, moz_bug_r_a4, Mardeg, Gary Kwong, Christoph Diehl, Martijn Wargers, Travis Emmitt, Bob Clary and Jonathan Watt reported memory safety issues which affected SeaMonkey 2.2. (CVE-2011-2985) - Unsigned scripts can call script inside signed JAR Rafael Gieschke reported that unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR. (CVE-2011-2993) - String crash using WebGL shaders Michael Jordon of Context IS reported that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code. (CVE-2011-2988) - Heap overflow in ANGLE library Michael Jordon of Context IS reported a potentially exploitable heap overflow in the ANGLE library used by Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id75739
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75739
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)

Oval

accepted2014-10-06T04:01:33.485-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationDTCC
  • nameScott Quint
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
descriptionMozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.
familywindows
idoval:org.mitre.oval:def:14497
statusaccepted
submitted2011-11-25T18:25:52.000-05:00
titleMozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.
version38

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49166 CVE ID: CVE-2011-0084,CVE-2011-2978,CVE-2011-2980,CVE-2011-2981,CVE-2011-2982,CVE-2011-2983,CVE-2011-2984,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2990,CVE-2011-2991,CVE-2011-2992,CVE-2011-2993 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox/Thunderbird/SeaMonkey在实现上存在多个漏洞,远程攻击者可利用此漏洞执行任意代码,使受影响应用程序崩溃,获取敏感信息。 Mozilla Thunderbird 3.x Mozilla Thunderbird 2.x 厂商补丁: Mozilla ------- Mozilla已经为此发布了一个安全公告(mfsa2011-29)以及相应补丁: mfsa2011-29:Mozilla Foundation Security Advisory 2011-29 链接:http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
idSSV:20867
last seen2017-11-19
modified2011-08-18
published2011-08-18
reporterRoot
titleMozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞

References