Executive Summary

Field | Value
---|---
Title | Sun Alert 268448 Multiple Security Vulnerabilities in Firefox Versions Before 3.5.3 May Allow Execution of Arbitrary Code, Access to Unauthorized Data, or Denial of Service (DoS)
Information

Field | Value | Field | Value
---|---|---|---
Name | SUN-268448 | First vendor publication | 2009-09-30
Vendor | Sun | Last vendor modification | 2009-10-13
Severity (vendor) | N/A | Revision | N/A
Security-Database Scoring CVSS v3

CVSS v3 vector: N/A. No v3 base, temporal, environmental, impact or exploitability scores are recorded for this alert.
Security-Database Scoring CVSS v2

CVSS v2 vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value | Metric | Value
---|---|---|---
CVSS base score | 10 | Access vector (AV) | Network
CVSS impact score | 10 | Access complexity (AC) | Low
CVSS exploitability score | 10 | Authentication (Au) | None required
Detail
Product: OpenSolaris

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5.3 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to crash the Firefox application (a denial of service) or possibly to execute arbitrary code on the system where Firefox is being run. Further vulnerabilities may allow a remote user to mislead a Firefox user into incorrectly trusting a site, by supplying a URL that is displayed in the location bar so that it appears to be a different URL, or to compromise the cryptography features that are active within the browser (the PKCS11 module installation and removal dialogs; see CVE-2009-3076 in the OVAL definitions below).

The following Mozilla advisories describe the vulnerabilities:

- MFSA 2009-51: http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
- MFSA 2009-50: http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
- MFSA 2009-49: http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
- MFSA 2009-48: http://www.mozilla.org/security/announce/2009/mfsa2009-48.html
- MFSA 2009-47: http://www.mozilla.org/security/announce/2009/mfsa2009-47.html

CVE identifiers covered by this alert:

- CVE-2009-3069: http://www.security-database.com/detail.php?cve=CVE-2009-3069
- CVE-2009-3070: http://www.security-database.com/detail.php?cve=CVE-2009-3070
- CVE-2009-3071: http://www.security-database.com/detail.php?cve=CVE-2009-3071
- CVE-2009-3072: http://www.security-database.com/detail.php?cve=CVE-2009-3072
- CVE-2009-3073: http://www.security-database.com/detail.php?cve=CVE-2009-3073
- CVE-2009-3074: http://www.security-database.com/detail.php?cve=CVE-2009-3074
- CVE-2009-3075: http://www.security-database.com/detail.php?cve=CVE-2009-3075
- CVE-2009-3076: http://www.security-database.com/detail.php?cve=CVE-2009-3076
- CVE-2009-3077: http://www.security-database.com/detail.php?cve=CVE-2009-3077
- CVE-2009-3078: http://www.security-database.com/detail.php?cve=CVE-2009-3078
- CVE-2009-3079: http://www.security-database.com/detail.php?cve=CVE-2009-3079

Field | Value
---|---
State | Resolved
First released | 30-Sep-2009
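The alert gives a single cut-off (3.5.3 on OpenSolaris), but the CVE ranges quoted in the OVAL definitions further down on this page are not uniform: most CVEs cover every version before 3.0.14 plus the 3.5 branch before 3.5.3, CVE-2009-3071 and CVE-2009-3075 were already fixed in 3.5.2, CVE-2009-3069 and CVE-2009-3073 affect only 3.5.x, and CVE-2009-3070, CVE-2009-3074 and CVE-2009-3076 only versions before 3.0.14. The Python script below is added here as a worked example and is not part of the Sun alert or of this page. It transcribes those ranges exactly as the OVAL descriptions state them and reports which CVEs a given installed version is still exposed to; the function names, the version-string parser and the constructed sample banners are assumptions of this example.

```python
"""Check an installed Firefox version against the CVEs in Sun Alert 268448.

Added example, not part of the Sun alert or of this page. The affected
ranges below are transcribed from the OVAL definition descriptions on this
page; function names, the parser and the sample inputs are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, prerelease_flag)

# Each CVE maps to a list of (branch, fixed_in) pairs. branch=None means
# "every version below fixed_in" (the OVAL wording "before 3.0.14");
# branch=(3, 5) means "3.5.x below fixed_in" ("3.5.x before 3.5.3").
AFFECTED: Dict[str, List[Tuple[Optional[Tuple[int, int]], str]]] = {
    "CVE-2009-3069": [((3, 5), "3.5.3")],
    "CVE-2009-3070": [(None, "3.0.14")],
    "CVE-2009-3071": [(None, "3.0.14"), ((3, 5), "3.5.2")],
    "CVE-2009-3072": [(None, "3.0.14"), ((3, 5), "3.5.3")],
    "CVE-2009-3073": [((3, 5), "3.5.3")],
    "CVE-2009-3074": [(None, "3.0.14")],
    "CVE-2009-3075": [(None, "3.0.14"), ((3, 5), "3.5.2")],
    "CVE-2009-3076": [(None, "3.0.14")],
    "CVE-2009-3077": [(None, "3.0.14"), ((3, 5), "3.5.3")],
    "CVE-2009-3078": [(None, "3.0.14"), ((3, 5), "3.5.3")],
    "CVE-2009-3079": [(None, "3.0.14"), ((3, 5), "3.5.3")],
}

# Matches "3.5.3", "3.0.14", "3.5.3pre", "3.6b1" and also the version inside
# a banner such as "Mozilla Firefox 3.5.3" (what `firefox -version` prints).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)([A-Za-z][A-Za-z0-9]*)?")


def parse_version(text: str) -> Version:
    """Parse a Firefox version (or a banner containing one) into a sortable tuple.

    A pre-release tag such as "pre" or "b1" sorts below the final release of
    the same number, so "3.5.3pre" is still counted as older than 3.5.3.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Firefox version found in {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    major, minor, patch = (nums + [0, 0, 0])[:3]
    prerelease = -1 if m.group(2) else 0
    return (major, minor, patch, prerelease)


def affected_cves(version_text: str) -> List[str]:
    """Return the CVEs from this alert that still apply to the given version.

    Note that "before 3.0.14" also covers 2.x builds, exactly as the CVE
    wording does; 3.6 and later fall outside every range.
    """
    v = parse_version(version_text)
    hits: List[str] = []
    for cve, ranges in AFFECTED.items():
        for branch, fixed_in in ranges:
            if branch is not None and (v[0], v[1]) != branch:
                continue  # this range only covers one branch, e.g. 3.5.x
            if v < parse_version(fixed_in):
                hits.append(cve)
                break
    return hits


def is_patched(version_text: str) -> bool:
    """True when no CVE from this alert applies (3.0.14+, 3.5.3+ or newer)."""
    return not affected_cves(version_text)


if __name__ == "__main__":
    # Constructed sample banners in the form `firefox -version` prints them.
    for banner in ("Mozilla Firefox 3.5.2", "Mozilla Firefox 3.5.3",
                   "Mozilla Firefox 3.0.13", "Mozilla Firefox 3.0.14"):
        cves = affected_cves(banner)
        state = "patched" if not cves else f"exposed to {', '.join(cves)}"
        print(f"{banner}: {state}")
```

Feeding the script the output of `firefox -version` from each host gives a per-CVE answer rather than a single "below 3.5.3" verdict, which matters for the 3.5.2 case: that build is still open to six of the eleven CVEs even though CVE-2009-3071 and CVE-2009-3075 no longer apply to it.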
Original Source

URL: http://blogs.sun.com/security/entry/sun_alert_268448_multiple_security
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10349

Field | Value
---|---
Title / Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3072
Version | 5
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10390

Field | Value
---|---
Title / Description | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3079
Version | 5
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10698

Field | Value
---|---
Title / Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3071
Version | 5
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:10871

Field | Value
---|---
Title / Description | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3078
Version | 5
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:11365

Field | Value
---|---
Title / Description | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3075
Version | 5
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:11702

Field | Value
---|---
Title / Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3070
Version | 5
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Definition Id: oval:org.mitre.oval:def:13601

Field | Value
---|---
Title | DSA-1886-1 iceweasel -- several
Description | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3079: "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. CVE-2009-1310: Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. For the stable distribution, these problems have been fixed in version 3.0.6-3. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 3.0.14-1. For the experimental distribution, these problems have been fixed in version 3.5.3-1. We recommend that you upgrade your iceweasel packages.
Family | unix
Class | patch
Reference(s) | DSA-1886-1, CVE-2009-1310, CVE-2009-3079
Version | 5
Platform(s) | Debian GNU/Linux 5.0
Product(s) | iceweasel
Definition Id: oval:org.mitre.oval:def:13610

Field | Value
---|---
Title | DSA-1885-1 xulrunner -- several
Description | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070: Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3071: Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3072: Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3074: Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-3075: Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3076: Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn't informative enough, which might allow social engineering attacks. CVE-2009-3077: It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. CVE-2009-3078: Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar. For the stable distribution, these problems have been fixed in version 1.9.0.14-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.14-1. For the experimental distribution, these problems have been fixed in version 1.9.1.3-1. We recommend that you upgrade your xulrunner package.
Family | unix
Class | patch
Reference(s) | DSA-1885-1, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078
Version | 5
Platform(s) | Debian GNU/Linux 5.0
Product(s) | xulrunner
Definition Id: oval:org.mitre.oval:def:22775

Field | Value
---|---
Title | ELSA-2009:1430: firefox security update (Critical)
Description | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family | unix
Class | patch
Reference(s) | ELSA-2009:1430-01, CVE-2009-2654, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078, CVE-2009-3079
Version | 45
Platform(s) | Oracle Linux 5
Product(s) | firefox, nspr, xulrunner
Definition Id: oval:org.mitre.oval:def:29334

Field | Value
---|---
Title | RHSA-2009:1430 -- firefox security update (Critical)
Description | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).
Family | unix
Class | patch
Reference(s) | RHSA-2009:1430, CESA-2009:1430-CentOS 5, CVE-2009-2654, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078, CVE-2009-3079
Version | 3
Platform(s) | Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
Product(s) | firefox, nspr, xulrunner
Definition Id: oval:org.mitre.oval:def:5418

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow Visual truncation vulnerability
Description | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3078
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:5606

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow dangling pointer vulnerability
Description | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3077
Version | 6
Platform(s) | Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:5717

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow multiple DOS Vulnerabilities
Description | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3075
Version | 6
Platform(s) | Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:5905

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow Denial of Service Vulnerability
Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3071
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:5989

Field | Value
---|---
Title | Mozilla Firefox 3.5.x before 3.5.3 allow Denial of Service Vulnerability
Description | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3069
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6053

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14 JavaScript engine allow denial of service Vulnerability
Description | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3074
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6073

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14 allow Denial of Service Vulnerability
Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3070
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6140

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14 allow remote arbitrary code execution Vulnerability
Description | Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3076
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6250

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow remote arbitrary code Vulnerability
Description | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3079
Version | 6
Platform(s) | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6315

Field | Value
---|---
Title | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow denial of service Vulnerability
Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3072
Version | 6
Platform(s) | Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:6398

Field | Value
---|---
Title | Mozilla Firefox 3.5.x before 3.5.3 JavaScript engine allow denial of service Vulnerability
Description | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | windows
Class | vulnerability
Reference(s) | CVE-2009-3073
Version | 6
Platform(s) | Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2
Product(s) | Mozilla Firefox
Definition Id: oval:org.mitre.oval:def:7766

Field | Value
---|---
Title | DSA-1885 xulrunner -- several vulnerabilities
Description | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered that the user interface for installing/removing PKCS #11 security modules wasn't informative enough, which might allow social engineering attacks. It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. Juan Pablo Lopez Yacubian discovered that incorrect rendering of some Unicode font characters could lead to spoofing attacks on the location bar.
Family | unix
Class | patch
Reference(s) | DSA-1885, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078
Version | 3
Platform(s) | Debian GNU/Linux 5.0
Product(s) | xulrunner
Definition Id: oval:org.mitre.oval:def:8008

Field | Value
---|---
Title | DSA-1886 iceweasel -- several vulnerabilities
Description | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface.
Family | unix
Class | patch
Reference(s) | DSA-1886, CVE-2009-1310, CVE-2009-3079
Version | 3
Platform(s) | Debian GNU/Linux 5.0
Product(s) | iceweasel
Definition Id: oval:org.mitre.oval:def:9444

Field | Value
---|---
Title / Description | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family | unix
Class | vulnerability
Reference(s) | CVE-2009-3074
Version | 5
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
SAINT Exploits

Description
---
Mozilla Firefox PKCS11 Module Installation Code Execution
OpenVAS Exploits
Date | Name | File
---|---|---
2011-08-09 | CentOS Update for firefox CESA-2009:1430 centos4 i386 | nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl
2011-08-09 | CentOS Update for firefox CESA-2009:1430 centos5 i386 | nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl
2011-08-09 | CentOS Update for seamonkey CESA-2009:1431 centos4 i386 | nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl
2011-08-09 | CentOS Update for seamonkey CESA-2009:1432 centos3 i386 | nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl
2011-08-09 | CentOS Update for thunderbird CESA-2010:0153 centos5 i386 | nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2010-04-29 | Fedora Update for seamonkey FEDORA-2010-7100 | nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-04-06 | Debian Security Advisory DSA 2025-1 (icedove) | nvt/deb_2025_1.nasl
2010-03-30 | FreeBSD Ports: seamonkey, linux-seamonkey | nvt/freebsd_seamonkey.nasl
2010-03-22 | Ubuntu Update for thunderbird vulnerabilities USN-915-1 | nvt/gb_ubuntu_USN_915_1.nasl
2010-03-22 | RedHat Update for thunderbird RHSA-2010:0154-02 | nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22 | CentOS Update for thunderbird CESA-2010:0154 centos4 i386 | nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2009-10-27 | SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox) | nvt/suse_sa_2009_048.nasl
2009-10-27 | SLES10: Security update for Mozilla Firefox | nvt/sles10_firefox35upgrad.nasl
2009-10-11 | SLES11: Security update for Mozilla | nvt/sles11_mozilla-xulrunn0.nasl
2009-10-11 | SLES11: Security update for Firefox | nvt/sles11_MozillaFirefox6.nasl
2009-09-21 | Mandrake Security Advisory MDVSA-2009:236 (firefox) | nvt/mdksa_2009_236.nasl
2009-09-15 | CentOS Security Advisory CESA-2009:1431 (seamonkey) | nvt/ovcesa2009_1431.nasl
2009-09-15 | CentOS Security Advisory CESA-2009:1432 (seamonkey) | nvt/ovcesa2009_1432.nasl
2009-09-15 | RedHat Security Advisory RHSA-2009:1430 | nvt/RHSA_2009_1430.nasl
2009-09-15 | Ubuntu USN-821-1 (xulrunner-1.9) | nvt/ubuntu_821_1.nasl
2009-09-15 | CentOS Security Advisory CESA-2009:1430 (seamonkey) | nvt/ovcesa2009_1430.nasl
2009-09-15 | FreeBSD Ports: firefox | nvt/freebsd_firefox41.nasl
2009-09-15 | Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions) | nvt/fcore_2009_9505.nasl
2009-09-15 | Fedora Core 10 FEDORA-2009-9494 (epiphany) | nvt/fcore_2009_9494.nasl
2009-09-15 | Debian Security Advisory DSA 1886-1 (iceweasel) | nvt/deb_1886_1.nasl
2009-09-15 | Debian Security Advisory DSA 1885-1 (xulrunner) | nvt/deb_1885_1.nasl
2009-09-15 | RedHat Security Advisory RHSA-2009:1432 | nvt/RHSA_2009_1432.nasl
2009-09-15 | RedHat Security Advisory RHSA-2009:1431 | nvt/RHSA_2009_1431.nasl
2009-09-11 | Mozilla Firefox Denial Of Service Vulnerability - Sep09 (Linux) | nvt/secpod_firefox_dos_vuln_sep09_lin.nasl
2009-09-11 | Mozilla Firefox Denial Of Service Vulnerability - Sep09 (Win) | nvt/secpod_firefox_dos_vuln_sep09_win.nasl
2009-09-11 | Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Linux) | nvt/secpod_firefox_js_dos_vuln_sep09_lin.nasl
2009-09-11 | Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Win) | nvt/secpod_firefox_js_dos_vuln_sep09_win.nasl
2009-09-11 | Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Linux) | nvt/secpod_firefox_mult_dos_vuln_sep09_lin.nasl
2009-09-11 | Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Win) | nvt/secpod_firefox_mult_dos_vuln_sep09_win.nasl
2009-09-11 | Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux) | nvt/secpod_firefox_mult_vuln_sep09_lin.nasl
2009-09-11 | Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win) | nvt/secpod_firefox_mult_vuln_sep09_win.nasl
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57980 | Mozilla Firefox FeedWriter Privileged JavaScript Execution |
57979 | Mozilla Firefox Tall Line-height Unicode Character Handling Address Bar Spoofing |
57978 | Mozilla Firefox XUL Document TreeColumn Rendering Arbitrary Code Execution |
57977 | Mozilla Firefox PKCS11 Module Installation Warning Dialogue Weakness |
57976 | Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption Firefox contains a flaw related to the JavaScript engine that may allow an attacker to execute arbitrary code via memory corruption. No further details have been provided. |
57975 | Mozilla Firefox JavaScript Engine Unspecified Remote Memory Corruption (2009-... |
57974 | Mozilla Firefox JavaScript Engine Unspecified Remote Memory Corruption (2009-... |
57973 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
57972 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
57971 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... Firefox contains an unspecified memory corruption flaw in the browser engine that may allow a malicious user to crash the browser or execute arbitrary code, leading to a loss of integrity and/or availability. |
57970 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
Snort® IPS/IDS
Date | Description |
---|---|
2018-07-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 46913 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-07-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 46912 - Revision : 1 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt RuleID : 17236 - Revision : 12 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 17166 - Revision : 10 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox top-level script object offset calculation memory corruption ... RuleID : 16344 - Revision : 13 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox PKCS11 module installation code execution attempt RuleID : 16142 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2025.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1885.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1886.nasl - Type : ACT_GATHER_INFO |
2009-10-20 | Name : The remote SuSE system is missing the security patch firefox35upgrade-6562 File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
2009-09-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO |
2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO |
2009-08-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO |