Vulnerabilities > CVE-2011-3665 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-399
nessus

Summary

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.

Vulnerable Configurations

Part Description Count
Application
Mozilla
128

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1343-1.NASL
    descriptionAlexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Thunderbird. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from Thunderbird in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Thunderbird when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57686
    published2012-01-25
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57686
    titleUbuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1343-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57686);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-3658", "CVE-2011-3660", "CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665");
      script_bugtraq_id(51133, 51134, 51135, 51136, 51138);
      script_xref(name:"USN", value:"1343-1");
    
      script_name(english:"Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian
    Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse
    Ruderman, Marcia Knous, and Rober Longson discovered several memory
    safety issues which could possibly be exploited to crash Thunderbird
    or execute arbitrary code as the user that invoked Thunderbird.
    (CVE-2011-3660)
    
    Aki Helin discovered a crash in the YARR regular expression library
    that could be triggered by JavaScript in web content. (CVE-2011-3661)
    
    It was discovered that a flaw in the Mozilla SVG implementation could
    result in an out-of-bounds memory access if SVG elements were removed
    during a DOMAttrModified event handler. An attacker could potentially
    exploit this vulnerability to crash Thunderbird. (CVE-2011-3658)
    
    Mario Heiderich discovered it was possible to use SVG animation
    accessKey events to detect key strokes even when JavaScript was
    disabled. A malicious web page could potentially exploit this to trick
    a user into interacting with a prompt thinking it came from
    Thunderbird in a context where the user believed scripting was
    disabled. (CVE-2011-3663)
    
    It was discovered that it was possible to crash Thunderbird when
    scaling an OGG <video> element to extreme sizes. (CVE-2011-3665).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1343-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.10", pkgname:"thunderbird", pkgver:"9.0+build2-0ubuntu0.11.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLAFIREFOX-111221.NASL
    descriptionMozilla Firefox Version 9 fixes several security issues : dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id75950
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75950
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2)
  • NASL familyWindows
    NASL idSEAMONKEY_26.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57353
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57353
    titleSeaMonkey < 2.6.0 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_9_0.NASL
    descriptionThe installed version of Thunderbird 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57361
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57361
    titleThunderbird 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_9_0.NASL
    descriptionThe installed version of Firefox 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57359
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57359
    titleFirefox 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-192.NASL
    descriptionSecurity issues were identified and fixed in mozilla firefox and thunderbird : The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements (CVE-2011-3658). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors (CVE-2011-3660). YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3661). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page (CVE-2011-3663). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling (CVE-2011-3665).
    last seen2020-06-01
    modified2020-06-02
    plugin id61940
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61940
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2011:192)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_90.NASL
    descriptionThe installed version of Thunderbird is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57352
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57352
    titleMozilla Thunderbird < 9.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_SEAMONKEY-111221.NASL
    descriptionseamonkey version 2.6 fixes several security issues : dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id76025
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76025
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2011-101.NASL
    descriptionMozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id74515
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74515
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1306-2.NASL
    descriptionUSN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57458
    published2012-01-09
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57458
    titleUbuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-111221.NASL
    descriptionseamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id75744
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75744
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E3FF776B2BA611E193C60011856A6E37.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0) MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash scaling video to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id57355
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57355
    titleFreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_90.NASL
    descriptionThe installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57351
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57351
    titleFirefox < 9.0 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1306-1.NASL
    descriptionAlexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57457
    published2012-01-09
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57457
    titleUbuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1)

Oval

accepted2014-10-06T04:01:36.505-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameScott Quint
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
familywindows
idoval:org.mitre.oval:def:14640
statusaccepted
submitted2011-12-30T14:36:33.000-05:00
titleMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
version38