CVE-2012-1937 - Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part: Application
Description: Mozilla
Count: 175

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_13_0.NASL
    description: The installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59403
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59403
    title: Firefox < 13.0 Multiple Vulnerabilities (Mac OS X)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59403);
      script_version("1.15");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2012-0441",
        "CVE-2012-1937",
        "CVE-2012-1938",
        "CVE-2012-1940",
        "CVE-2012-1941",
        "CVE-2012-1944",
        "CVE-2012-1946",
        "CVE-2012-1947",
        "CVE-2012-1964"
      );
      script_bugtraq_id(
        53791,
        53792,
        53793,
        53794,
        53796,
        53798,
        53800,
        53801,
        54581
      );
    
      script_name(english:"Firefox < 13.0 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of Firefox");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The installed version of Firefox is earlier than 13.0 and thus, is
    potentially affected by the following security issues :
    
      - An error exists in the ASN.1 decoder when handling zero
        length items that can lead to application crashes.
        (CVE-2012-0441)
    
      - Two heap-based buffer overflows and one heap-based use-
        after-free error exist and are potentially exploitable.
        (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)
    
      - Multiple memory corruption errors exist. (CVE-2012-1937,
        CVE-2012-1938)
    
      - The inline-script blocking feature of the 'Content
        Security Policy' (CSP) does not properly block inline
        event handlers. This error allows remote attackers to
        more easily carry out cross-site scripting attacks.
        (CVE-2012-1944)
    
      - A use-after-free error exists related to replacing or
        inserting a node into a web document. (CVE-2012-1946)
    
      - An error exists related to the certificate warning page
        that can allow 'clickjacking' thereby tricking a user
        into accepting unintended certificates. (CVE-2012-1964)"
      );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-34/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-36/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-38/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-40/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-54/");
    
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 13.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");
    
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    
    if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');
    
    mozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'13.0', skippat:'^10\\.0\\.', severity:SECURITY_HOLE, xss:TRUE);
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MOZILLAFIREFOX-8189.NASL
    description: MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938) Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939) Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937) Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101) - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla
    last seen: 2020-06-05
    modified: 2012-06-15
    plugin id: 59520
    published: 2012-06-15
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59520
    title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1463-4.NASL
    description: USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59654
    published: 2012-06-22
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59654
    title: Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1463-4)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-0715.NASL
    description: From Red Hat Security Advisory 2012:0715 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim
    last seen: 2020-05-31
    modified: 2013-07-12
    plugin id: 68536
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68536
    title: Oracle Linux 6 : thunderbird (ELSA-2012-0715)
  • NASL family: Windows
    NASL id: MOZILLA_THUNDERBIRD_1005.NASL
    description: The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59410
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59410
    title: Mozilla Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities
  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_1005.NASL
    description: The installed version of Firefox 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59408
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59408
    title: Firefox 10.0.x < 10.0.5 Multiple Vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1463-6.NASL
    description: USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59725
    published: 2012-06-27
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59725
    title: Ubuntu 11.04 : thunderbird vulnerabilities (USN-1463-6)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-0715.NASL
    description: An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim
    last seen: 2020-05-31
    modified: 2012-06-07
    plugin id: 59392
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59392
    title: RHEL 5 / 6 : thunderbird (RHSA-2012:0715)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_MOZILLAFIREFOX-120611.NASL
    description: Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34) In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. References Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938) Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939) Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937) Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101) - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64208
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64208
    title: SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2499.NASL
    description: Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issue (CVE-2012-1940).
    last seen: 2020-03-17
    modified: 2012-06-29
    plugin id: 59777
    published: 2012-06-29
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59777
    title: Debian DSA-2499-1 : icedove - several vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_THUNDERBIRD_13_0.NASL
    description: The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59405
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59405
    title: Thunderbird < 13.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-088.NASL
    description: Security issues were identified and fixed in mozilla firefox and thunderbird : Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure (CVE-2012-1947). Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column (CVE-2012-1940). Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns (CVE-2012-1941). Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node (CVE-2012-1946).
    Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba (CVE-2012-1945). The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document (CVE-2012-1944). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components (CVE-2012-1938). jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code (CVE-2012-1939). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2012-1937).
    Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5 (CVE-2011-3101). The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response (CVE-2012-0441). NOTE: This flaw was addressed earlier with the MDVA-2012:036 advisory. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions, which are unaffected by these security flaws. Additionally, the NSPR and the NSS packages have been upgraded to the latest versions, which resolve various upstream bugs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59681
    published: 2012-06-25
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59681
    title: Mandriva Linux Security Advisory : mozilla (MDVSA-2012:088-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-0710.NASL
    description: Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59388
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59388
    title: CentOS 5 / 6 : firefox (CESA-2012:0710)
  • NASL family: Windows
    NASL id: MOZILLA_THUNDERBIRD_130.NASL
    description: The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59409
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59409
    title: Mozilla Thunderbird < 13.0 Multiple Vulnerabilities
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120606_THUNDERBIRD_ON_SL5_X.NASL
    description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim
    last seen: 2020-03-18
    modified: 2012-08-01
    plugin id: 61323
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61323
    title: Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120606)
  • NASL family: Windows
    NASL id: SEAMONKEY_210.NASL
    description: The installed version of SeaMonkey is earlier than 2.10.0. Such versions are potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59411
    published: 2012-06-07
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59411
    title: SeaMonkey < 2.10.0 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-333.NASL
    description: Changes in MozillaFirefox : - update to Firefox 13.0 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure through Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) - fix build on arm - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) Changes in MozillaThunderbird : - update to Thunderbird 13.0 (bnc#765204) - MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards - MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass - MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure through Windows file shares and shortcut files - MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document - MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 - MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix build with system NSPR (mozilla-system-nspr.patch) - add dependentlibs.list for improved XRE startup - update enigmail to 1.4.2 - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) - update to Thunderbird 12.0.1 - fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74655
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74655
    title: openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-nss / etc (openSUSE-SU-2012:0760-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2488.NASL
    descriptionSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. - CVE-2012-1947 Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conversion, allowing to execute arbitrary code. Note: We
    last seen2020-03-17
    modified2012-06-29
    plugin id59766
    published2012-06-29
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59766
    titleDebian DSA-2488-1 : iceweasel - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0715.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Thunderbird no longer blocked Thunderbird inline event handlers. Malicious content could possibly bypass intended restrictions if that content relied on CSP to protect against flaws such as cross-site scripting (XSS). (CVE-2012-1944) If a web server hosted content that is stored on a Microsoft Windows share, or a Samba share, loading such content with Thunderbird could result in Windows shortcut files (.lnk) in the same share also being loaded. An attacker could use this flaw to view the contents of local files and directories on the victim
    last seen2020-05-31
    modified2012-06-08
    plugin id59412
    published2012-06-08
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59412
    titleCentOS 5 / 6 : thunderbird (CESA-2012:0715)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1463-1.NASL
    descriptionJesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id59394
    published2012-06-07
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59394
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1463-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0710.NASL
    descriptionFrom Red Hat Security Advisory 2012:0710 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application
    last seen2020-05-31
    modified2013-07-12
    plugin id68535
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68535
    titleOracle Linux 5 / 6 : firefox (ELSA-2012-0710)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_BFECF7C1AF4711E195804061862B8C22.NASL
    descriptionThe Mozilla Project reports : MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) MFSA 2012-36 Content Security Policy inline-script bypass MFSA 2012-37 Information disclosure though Windows file shares and shortcut files MFSA 2012-38 Use-after-free while replacing/inserting a node in a document MFSA 2012-39 NSS parsing errors with zero length items MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
    last seen2020-06-01
    modified2020-06-02
    plugin id59381
    published2012-06-06
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59381
    titleFreeBSD : mozilla -- multiple vulnerabilities (bfecf7c1-af47-11e1-9580-4061862b8c22)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2489.NASL
    descriptionSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey. - CVE-2012-1937 Mozilla developers discovered several memory corruption bugs, which may lead to the execution of arbitrary code. - CVE-2012-1940 Abhishek Arya discovered a use-after-free problem when working with column layout with absolute positioning in a container that changes size, which may lead to the execution of arbitrary code. - CVE-2012-1947 Abhishek Arya discovered a heap buffer overflow in utf16 to latin1 character set conversion, allowing to execute arbitrary code.
    last seen2020-03-17
    modified2012-06-29
    plugin id59767
    published2012-06-29
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59767
    titleDebian DSA-2489-1 : iceape - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120605_FIREFOX_ON_SL5_X.NASL
    descriptionMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application
    last seen2020-03-18
    modified2012-08-01
    plugin id61322
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61322
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120605)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_10_0_5.NASL
    descriptionThe installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the
    last seen2020-06-01
    modified2020-06-02
    plugin id59406
    published2012-06-07
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59406
    titleThunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1463-3.NASL
    descriptionUSN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938) It was discovered that Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id59640
    published2012-06-21
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59640
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regressions (USN-1463-3)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0710.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947) Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers with graphics cards that have hardware acceleration enabled. It was found that the Content Security Policy (CSP) implementation in Firefox no longer blocked Firefox inline event handlers. A remote attacker could use this flaw to possibly bypass a web application
    last seen2020-05-31
    modified2012-06-06
    plugin id59383
    published2012-06-06
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59383
    titleRHEL 5 / 6 : firefox (RHSA-2012:0710)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_10_0_5.NASL
    descriptionThe installed version of Firefox is earlier than 10.0.5 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - The inline-script blocking feature of the
    last seen2020-06-01
    modified2020-06-02
    plugin id59404
    published2012-06-07
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59404
    titleFirefox < 10.0.5 Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_130.NASL
    descriptionThe installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues : - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the
    last seen2020-06-01
    modified2020-06-02
    plugin id59407
    published2012-06-07
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59407
    titleFirefox < 13.0 Multiple Vulnerabilities

Oval

accepted2014-10-06T04:02:31.624-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
familywindows
idoval:org.mitre.oval:def:17055
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
version37

Redhat

advisories
  • rhsa
    idRHSA-2012:0710
  • rhsa
    idRHSA-2012:0715
rpms
  • firefox-0:10.0.5-1.el5_8
  • firefox-0:10.0.5-1.el6_2
  • firefox-debuginfo-0:10.0.5-1.el5_8
  • firefox-debuginfo-0:10.0.5-1.el6_2
  • xulrunner-0:10.0.5-1.el5_8
  • xulrunner-0:10.0.5-1.el6_2
  • xulrunner-debuginfo-0:10.0.5-1.el5_8
  • xulrunner-debuginfo-0:10.0.5-1.el6_2
  • xulrunner-devel-0:10.0.5-1.el5_8
  • xulrunner-devel-0:10.0.5-1.el6_2
  • thunderbird-0:10.0.5-2.el5_8
  • thunderbird-0:10.0.5-2.el6_2
  • thunderbird-debuginfo-0:10.0.5-2.el5_8
  • thunderbird-debuginfo-0:10.0.5-2.el6_2