Search...

SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)

2010-12-02T00:00:00

ID SUSE_11_MOZILLA-XULRUNNER191-101118.NASL
Type nessus
Reporter Tenable
Modified 2013-11-27T00:00:00

Description

This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.

The following security issues were fixed :

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.

Memory safety bugs - Firefox 3.6, Firefox 3.5

Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)

Memory safety bugs - Firefox 3.6

CVE-2010-3175

Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.lookupGetter is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)

Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)

Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site. (MFSA 2010-69 / CVE-2010-3178)

Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)

Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library. (MFSA 2010-71 / CVE-2010-3182)

Morten KrÃ¥kvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL &lt; 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(50952);
  script_version("$Revision: 1.14 $");
  script_cvs_date("$Date: 2013/11/27 17:11:05 $");

  script_cve_id("CVE-2010-3170", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765");

  script_name(english:"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update brings the Mozilla XULRunner engine to version 1.9.1.15,
fixing various bugs and security issues.

The following security issues were fixed :

  - Mozilla developers identified and fixed several memory
    safety bugs in the browser engine used in Firefox and
    other Mozilla-based products. Some of these bugs showed
    evidence of memory corruption under certain
    circumstances, and we presume that with enough effort at
    least some of these could be exploited to run arbitrary
    code. References. (MFSA 2010-64)

    Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor
    Bukanov and Josh Soref reported memory safety problems
    that affected Firefox 3.6 and Firefox 3.5.

  - Memory safety bugs - Firefox 3.6, Firefox 3.5

  - Gary Kwong, Martijn Wargers and Siddharth Agarwal
    reported memory safety problems that affected Firefox
    3.6 only. (CVE-2010-3176)

  - Memory safety bugs - Firefox 3.6

  - CVE-2010-3175

  - Security researcher Alexander Miller reported that
    passing an excessively long string to document.write
    could cause text rendering routines to end up in an
    inconsistent state with sections of stack memory being
    overwritten with the string data. An attacker could use
    this flaw to crash a victim's browser and potentially
    run arbitrary code on their computer. (MFSA 2010-65 /
    CVE-2010-3179)

  - Security researcher Sergey Glazunov reported that it was
    possible to access the locationbar property of a window
    object after it had been closed. Since the closed
    window's memory could have been subsequently reused by
    the system it was possible that an attempt to access the
    locationbar property could result in the execution of
    attacker-controlled memory. (MFSA 2010-66 /
    CVE-2010-3180)

  - Security researcher regenrecht reported via
    TippingPoint's Zero Day Initiative that when
    window.__lookupGetter__ is called with no arguments the
    code assumes the top JavaScript stack value is a
    property name. Since there were no arguments passed into
    the function, the top value could represent
    uninitialized memory or a pointer to a previously freed
    JavaScript object. Under such circumstances the value is
    passed to another subroutine which calls through the
    dangling pointer, potentially executing
    attacker-controlled memory. (MFSA 2010-67 /
    CVE-2010-3183)

  - Google security researcher Robert Swiecki reported that
    functions used by the Gopher parser to convert text to
    HTML tags could be exploited to turn text into
    executable JavaScript. If an attacker could create a
    file or directory on a Gopher server with the encoded
    script as part of its name the script would then run in
    a victim's browser within the context of the site. (MFSA
    2010-68 / CVE-2010-3177)

  - Security researcher Eduardo Vela Nava reported that if a
    web page opened a new window and used a javascript: URL
    to make a modal call, such as alert(), then subsequently
    navigated the page to a different domain, once the modal
    call returned the opener of the window could get access
    to objects in the navigated window. This is a violation
    of the same-origin policy and could be used by an
    attacker to steal information from another web site.
    (MFSA 2010-69 / CVE-2010-3178)

  - Security researcher Richard Moore reported that when an
    SSL certificate was created with a common name
    containing a wildcard followed by a partial IP address a
    valid SSL connection could be established with a server
    whose IP address matched the wildcard range by browsing
    directly to the IP address. It is extremely unlikely
    that such a certificate would be issued by a Certificate
    Authority. (MFSA 2010-70 / CVE-2010-3170)

  - Dmitri Gribenko reported that the script used to launch
    Mozilla applications on Linux was effectively including
    the current working directory in the LD_LIBRARY_PATH
    environment variable. If an attacker was able to place
    into the current working directory a malicious shared
    library with the same name as a library that the
    bootstrapping script depends on the attacker could have
    their library loaded instead of the legitimate library.
    (MFSA 2010-71 / CVE-2010-3182)

  - Morten Kr&Atilde;&yen;kvik of Telenor SOC reported an
    exploit targeting particular versions of Firefox 3.6 on
    Windows XP that Telenor found while investigating an
    intrusion attempt on a customer network. The underlying
    vulnerability, however, was present on both the Firefox
    3.5 and Firefox 3.6 development branches and affected
    all supported platforms. (MFSA 2010-73 / CVE-2010-3765)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=653606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3175.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3176.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3177.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3178.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3179.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3180.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3182.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3183.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3765.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Apply SAT patch number 3557 / 3558 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" &gt;!&lt; cpu && "s390x" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);


flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"mozilla-xulrunner191-translations-1.9.1.15-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"hash": "d17e8137ecf03951529888f90853932a3c71f95e6b10ab730c48e924d4cd382f", "naslFamily": "SuSE Local Security Checks", "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "lastseen": "2017-10-29T13:36:41", "viewCount": 4, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a8e55707958b4a0e640ad83a3e69d853", "key": "cpe"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations", "p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 2, "enchantments": {"vulnersScore": 10.0}, "type": "nessus", "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten KrÃ¥kvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "history": [{"bulletin": {"hash": "15c4f03f4b594bf662d0ec95ef321e6f1ea48e429243943086f972758c2ed251", "naslFamily": "SuSE Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:24:10", "enchantments": {}, "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c9be8c76b09668e68564aafc37499eff", "key": "references"}, {"hash": "65fe2a93d43070603e05e87f85db8f43", "key": "title"}, {"hash": "96ffa3e5f217475f603a12d5cccf94fe", "key": "href"}, {"hash": "0d10e29d75af6551e75c87d10169a1d2", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "d14d1a96b91092c41434a96e62b67fa1", "key": "published"}, {"hash": "16dfb1899bc96767b30ee77a130bcfbb", "key": "description"}, {"hash": "5b6f3fc076a2d9c6f98e81620afdb872", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "0b19968aa0d749fbb88c80abb37d3520", "key": "cvelist"}, {"hash": "350fe642a6bd00b9726ef9b638f591f0", "key": "sourceData"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "SUSE_11_MOZILLA-XULRUNNER191-101118.NASL", "type": "nessus", "description": "This update brings the Mozilla XULRunner engine to version 1.9.1.15, fixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. (MFSA 2010-65 / CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. (MFSA 2010-66 / CVE-2010-3180)\n\n - Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. (MFSA 2010-67 / CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. (MFSA 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten KrÃ¥kvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms. (MFSA 2010-73 / CVE-2010-3765)", "viewCount": 3, "title": "SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten KrÃ¥kvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2010-12-02T00:00:00", "pluginID": "50952", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "modified": "2013-11-27T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952"}, "lastseen": "2016-09-26T17:24:10", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50952);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/11/27 17:11:05 $\");\n\n script_cve_id(\"CVE-2010-3170\", \"CVE-2010-3175\", \"CVE-2010-3176\", \"CVE-2010-3177\", \"CVE-2010-3178\", \"CVE-2010-3179\", \"CVE-2010-3180\", \"CVE-2010-3182\", \"CVE-2010-3183\", \"CVE-2010-3765\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update brings the Mozilla XULRunner engine to version 1.9.1.15,\nfixing various bugs and security issues.\n\nThe following security issues were fixed :\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. References. (MFSA 2010-64)\n\n Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor\n Bukanov and Josh Soref reported memory safety problems\n that affected Firefox 3.6 and Firefox 3.5.\n\n - Memory safety bugs - Firefox 3.6, Firefox 3.5\n\n - Gary Kwong, Martijn Wargers and Siddharth Agarwal\n reported memory safety problems that affected Firefox\n 3.6 only. (CVE-2010-3176)\n\n - Memory safety bugs - Firefox 3.6\n\n - CVE-2010-3175\n\n - Security researcher Alexander Miller reported that\n passing an excessively long string to document.write\n could cause text rendering routines to end up in an\n inconsistent state with sections of stack memory being\n overwritten with the string data. An attacker could use\n this flaw to crash a victim's browser and potentially\n run arbitrary code on their computer. (MFSA 2010-65 /\n CVE-2010-3179)\n\n - Security researcher Sergey Glazunov reported that it was\n possible to access the locationbar property of a window\n object after it had been closed. Since the closed\n window's memory could have been subsequently reused by\n the system it was possible that an attempt to access the\n locationbar property could result in the execution of\n attacker-controlled memory. (MFSA 2010-66 /\n CVE-2010-3180)\n\n - Security researcher regenrecht reported via\n TippingPoint's Zero Day Initiative that when\n window.__lookupGetter__ is called with no arguments the\n code assumes the top JavaScript stack value is a\n property name. Since there were no arguments passed into\n the function, the top value could represent\n uninitialized memory or a pointer to a previously freed\n JavaScript object. Under such circumstances the value is\n passed to another subroutine which calls through the\n dangling pointer, potentially executing\n attacker-controlled memory. (MFSA 2010-67 /\n CVE-2010-3183)\n\n - Google security researcher Robert Swiecki reported that\n functions used by the Gopher parser to convert text to\n HTML tags could be exploited to turn text into\n executable JavaScript. If an attacker could create a\n file or directory on a Gopher server with the encoded\n script as part of its name the script would then run in\n a victim's browser within the context of the site. (MFSA\n 2010-68 / CVE-2010-3177)\n\n - Security researcher Eduardo Vela Nava reported that if a\n web page opened a new window and used a javascript: URL\n to make a modal call, such as alert(), then subsequently\n navigated the page to a different domain, once the modal\n call returned the opener of the window could get access\n to objects in the navigated window. This is a violation\n of the same-origin policy and could be used by an\n attacker to steal information from another web site.\n (MFSA 2010-69 / CVE-2010-3178)\n\n - Security researcher Richard Moore reported that when an\n SSL certificate was created with a common name\n containing a wildcard followed by a partial IP address a\n valid SSL connection could be established with a server\n whose IP address matched the wildcard range by browsing\n directly to the IP address. It is extremely unlikely\n that such a certificate would be issued by a Certificate\n Authority. (MFSA 2010-70 / CVE-2010-3170)\n\n - Dmitri Gribenko reported that the script used to launch\n Mozilla applications on Linux was effectively including\n the current working directory in the LD_LIBRARY_PATH\n environment variable. If an attacker was able to place\n into the current working directory a malicious shared\n library with the same name as a library that the\n bootstrapping script depends on the attacker could have\n their library loaded instead of the legitimate library.\n (MFSA 2010-71 / CVE-2010-3182)\n\n - Morten KrÃ¥kvik of Telenor SOC reported an\n exploit targeting particular versions of Firefox 3.6 on\n Windows XP that Telenor found while investigating an\n intrusion attempt on a customer network. The underlying\n vulnerability, however, was present on both the Firefox\n 3.5 and Firefox 3.6 development branches and affected\n all supported platforms. (MFSA 2010-73 / CVE-2010-3765)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-64.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-65.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-66.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-67.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-68.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-69.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-70.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-71.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2010/mfsa2010-73.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=653606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3557 / 3558 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mozilla Firefox Interleaved document.write/appendChild Memory Corruption');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-gnomevfs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-xulrunner191-translations-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-gnomevfs-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-translations-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-gnomevfs-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-xulrunner191-translations-1.9.1.15-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-xulrunner191-32bit-1.9.1.15-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2010-12-02T00:00:00", "pluginID": "50952", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-67.html", "http://support.novell.com/security/cve/CVE-2010-3179.html", "http://support.novell.com/security/cve/CVE-2010-3178.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-73.html", "http://support.novell.com/security/cve/CVE-2010-3180.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-68.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-66.html", "http://support.novell.com/security/cve/CVE-2010-3183.html", "http://support.novell.com/security/cve/CVE-2010-3170.html", "http://support.novell.com/security/cve/CVE-2010-3175.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-64.html", "http://support.novell.com/security/cve/CVE-2010-3765.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-69.html", "http://support.novell.com/security/cve/CVE-2010-3177.html", "http://support.novell.com/security/cve/CVE-2010-3182.html", "http://support.novell.com/security/cve/CVE-2010-3176.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-65.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-70.html", "http://www.mozilla.org/security/announce/2010/mfsa2010-71.html", "https://bugzilla.novell.com/show_bug.cgi?id=653606"], "reporter": "Tenable", "modified": "2013-11-27T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50952"}

{"result": {"cve": [{"id": "CVE-2010-3177", "type": "cve", "title": "CVE-2010-3177", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.", "published": "2010-10-21T15:00:03", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3177", "cvelist": ["CVE-2010-3177"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3765", "type": "cve", "title": "CVE-2010-3765", "description": "Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.", "published": "2010-10-27T20:00:05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3765", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-09-19T13:37:07"}, {"id": "CVE-2010-3178", "type": "cve", "title": "CVE-2010-3178", "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.", "published": "2010-10-21T15:00:03", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3178", "cvelist": ["CVE-2010-3178"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3176", "type": "cve", "title": "CVE-2010-3176", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "published": "2010-10-21T15:00:02", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3176", "cvelist": ["CVE-2010-3176"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3180", "type": "cve", "title": "CVE-2010-3180", "description": "Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.", "published": "2010-10-21T15:00:03", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3180", "cvelist": ["CVE-2010-3180"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3179", "type": "cve", "title": "CVE-2010-3179", "description": "Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.", "published": "2010-10-21T15:00:03", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3179", "cvelist": ["CVE-2010-3179"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3175", "type": "cve", "title": "CVE-2010-3175", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "published": "2010-10-21T15:00:02", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3175", "cvelist": ["CVE-2010-3175"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3182", "type": "cve", "title": "CVE-2010-3182", "description": "A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.", "published": "2010-10-21T15:00:03", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3182", "cvelist": ["CVE-2010-3182"], "lastseen": "2017-09-19T13:37:04"}, {"id": "CVE-2010-3170", "type": "cve", "title": "CVE-2010-3170", "description": "Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "published": "2010-10-21T15:00:02", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3170", "cvelist": ["CVE-2010-3170"], "lastseen": "2017-09-19T13:37:03"}, {"id": "CVE-2010-3183", "type": "cve", "title": "CVE-2010-3183", "description": "The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a \"dangling pointer\" and the JS_ValueToId function.", "published": "2010-10-21T15:00:03", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3183", "cvelist": ["CVE-2010-3183"], "lastseen": "2017-09-19T13:37:04"}], "openvas": [{"id": "OPENVAS:1361412562310801471", "type": "openvas", "title": "Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows)", "description": "The host is installed with Mozilla Firefox/Seamonkey and is prone\n to multiple vulnerabilities.", "published": "2010-10-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801471", "cvelist": ["CVE-2010-3177"], "lastseen": "2018-05-23T14:28:41"}, {"id": "OPENVAS:801471", "type": "openvas", "title": "Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows)", "description": "The host is installed with Mozilla Firefox/Seamonkey and is prone\n to multiple vulnerabilities.", "published": "2010-10-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=801471", "cvelist": ["CVE-2010-3177"], "lastseen": "2017-07-12T10:50:10"}, {"id": "OPENVAS:870345", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0781-01", "description": "Check for the Version of seamonkey", "published": "2010-10-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870345", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-12-21T11:32:20"}, {"id": "OPENVAS:880443", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0781 centos4 i386", "description": "Check for the Version of seamonkey", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880443", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-12-21T11:33:26"}, {"id": "OPENVAS:1361412562310880449", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0781 centos3 i386", "description": "Check for the Version of seamonkey", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880449", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2018-01-11T11:04:03"}, {"id": "OPENVAS:1361412562310880443", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0781 centos4 i386", "description": "Check for the Version of seamonkey", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880443", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2018-01-19T15:05:21"}, {"id": "OPENVAS:1361412562310870345", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0781-01", "description": "Check for the Version of seamonkey", "published": "2010-10-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870345", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2018-01-19T15:04:29"}, {"id": "OPENVAS:880449", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0781 centos3 i386", "description": "Check for the Version of seamonkey", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880449", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-12-18T10:57:44"}, {"id": "OPENVAS:862651", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-16897", "description": "Check for the Version of xulrunner", "published": "2010-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862651", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2018-01-02T10:54:18"}, {"id": "OPENVAS:862485", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2010-16593", "description": "Check for the Version of firefox", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862485", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-12-15T11:58:14"}], "oraclelinux": [{"id": "ELSA-2010-0781", "type": "oraclelinux", "title": "seamonkey security update", "description": "[1.0.9-64.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-64.el4]\n- Added fixes from 1.9.1.14", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0781.html", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2016-09-04T11:17:01"}, {"id": "ELSA-2010-0782", "type": "oraclelinux", "title": "firefox security update", "description": "firefox:\n[3.6.11-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.11-2]\n- Update to 3.6.11 Build 2\n[3.6.11-1]\n- Update to 3.6.11\nnss:\n[3.12.8-1.0.1.el5]\n- Update clean.gif in the nss-3.12.8-stripped.tar.bz2 tarball\n[3.12.8-1]\n- Update to 3.12.8\nxulrunner:\n[1.9.2.11-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.11-2]\n- Update to 1.9.2.11 Build 2\n[1.9.2.11-1]\n- Update to 1.9.2.11", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0782.html", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "lastseen": "2016-09-04T11:16:16"}, {"id": "ELSA-2010-0808", "type": "oraclelinux", "title": "firefox security update", "description": "[3.6.11-4.0.1.el4_8]\r\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\r\n and remove the corresponding Red Hat ones\r\n \n[3.6.11-4.el4_8]\r\n- Add upstream patch for CVE-2010-3765 ", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0808.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-04T11:17:10"}, {"id": "ELSA-2010-0812", "type": "oraclelinux", "title": "thunderbird security update", "description": "[1.5.0.12-33.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-33]\n- Added fixes from 1.9.1.15", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0812.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-04T11:16:19"}, {"id": "ELSA-2010-0809", "type": "oraclelinux", "title": "xulrunner security update", "description": "[1.9.2.11-4.0.1.el5_5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.11-4.el5_5]\n- Add upstream patch for CVE-2010-3765 ", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0809.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-04T11:17:01"}, {"id": "ELSA-2010-0810", "type": "oraclelinux", "title": "seamonkey security update", "description": "[1.0.9-65.0.1.el4_8]\r\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\r\n and emoved corresponding RedHat ones\r\n \n[1.0.9-65.el4]\r\n- Added fix for mozbz#607222", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0810.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-04T11:16:00"}, {"id": "ELSA-2010-0780", "type": "oraclelinux", "title": "thunderbird security update", "description": "[1.5.0.12-31.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-31]\n- Added fixes from 1.9.1.14", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0780.html", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "lastseen": "2016-09-04T11:16:34"}, {"id": "ELSA-2010-0862", "type": "oraclelinux", "title": "nss security update", "description": "nss:\n[3.12.8-1.0.1.el6]\n- Update expired PayPalEE.cert to fix build failure\n- Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2\n[3.12.8-1]\n- Update to 3.12.8\nnss-softokn:\n[3.12.8-1]\n- Update to 3.12.8\nnss-util:\n[3.12.7-1]\n- Update to 3.12.7", "published": "2011-02-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0862.html", "cvelist": ["CVE-2010-3170"], "lastseen": "2016-09-04T11:16:58"}], "centos": [{"id": "CESA-2010:0781", "type": "centos", "title": "seamonkey security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0781\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017105.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017106.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017111.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017112.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0781.html", "published": "2010-10-25T08:12:58", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017105.html", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-10-03T18:25:31"}, {"id": "CESA-2010:0782", "type": "centos", "title": "firefox, nss, xulrunner security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0782\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017093.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017094.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017113.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017114.html\n\n**Affected packages:**\nfirefox\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0782.html", "published": "2010-10-20T10:29:05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017093.html", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "lastseen": "2017-10-03T18:25:28"}, {"id": "CESA-2010:0809", "type": "centos", "title": "xulrunner security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0809\n\n\nXULRunner provides the XUL Runtime environment for applications using the\nGecko layout engine.\n\nA race condition flaw was found in the way XULRunner handled Document\nObject Model (DOM) element properties. Malicious HTML content could cause\nan application linked against XULRunner (such as Firefox) to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2010-3765)\n\nFor technical details regarding this flaw, refer to the Mozilla security\nadvisories for Firefox 3.6.12. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll XULRunner users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the update,\napplications using XULRunner must be restarted for the changes to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017131.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017132.html\n\n**Affected packages:**\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0809.html", "published": "2010-10-28T18:41:34", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017131.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-10-03T18:26:16"}, {"id": "CESA-2010:0812", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0812\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nCVE-2010-3765 issue is not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be restarted\nfor the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017133.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017134.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017137.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-November/017138.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0812.html", "published": "2010-11-01T17:24:26", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-November/017133.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-10-03T18:24:56"}, {"id": "CESA-2010:0810", "type": "centos", "title": "seamonkey security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0810\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA race condition flaw was found in the way SeaMonkey handled Document\nObject Model (DOM) element properties. A web page containing malicious\ncontent could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-3765)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017125.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017126.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017129.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017130.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0810.html", "published": "2010-10-28T18:32:32", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017125.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-10-03T18:24:38"}, {"id": "CESA-2010:0808", "type": "centos", "title": "firefox security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0808\n\n\nMozilla Firefox is an open source web browser.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. A web page containing malicious content\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nFor technical details regarding this flaw, refer to the Mozilla security\nadvisories for Firefox 3.6.12. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing the update,\nFirefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017127.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017128.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0808.html", "published": "2010-10-28T18:36:12", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017127.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-10-03T18:24:36"}, {"id": "CESA-2010:0780", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0780\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017091.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017092.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017109.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017110.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0780.html", "published": "2010-10-20T10:21:34", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017091.html", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "lastseen": "2017-10-03T18:24:32"}], "nessus": [{"id": "ORACLELINUX_ELSA-2010-0781.NASL", "type": "nessus", "title": "Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0781)", "description": "From Red Hat Security Advisory 2010:0781 :\n\nUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware.\n(CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68120", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-10-29T13:45:17"}, {"id": "REDHAT-RHSA-2010-0781.NASL", "type": "nessus", "title": "RHEL 3 / 4 : seamonkey (RHSA-2010:0781)", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware.\n(CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50039", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-10-29T13:39:04"}, {"id": "SL_20101019_SEAMONKEY_ON_SL4_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware.\n(CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170)\n\nAfter installing the update, SeaMonkey must be restarted for the changes to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60872", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2017-10-29T13:44:29"}, {"id": "CENTOS_RHSA-2010-0781.NASL", "type": "nessus", "title": "CentOS 3 / 4 : seamonkey (CESA-2010:0781)", "description": "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware.\n(CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.", "published": "2010-11-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50792", "cvelist": ["CVE-2010-3177", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3182", "CVE-2010-3170"], "lastseen": "2018-07-03T10:16:15"}, {"id": "REDHAT-RHSA-2010-0861.NASL", "type": "nessus", "title": "RHEL 6 : firefox (RHSA-2010:0861)", "description": "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a '.' character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla advisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "published": "2010-11-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50633", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-10-29T13:33:54"}, {"id": "DEBIAN_DSA-2124.NASL", "type": "nessus", "title": "Debian DSA-2124-1 : xulrunner - several vulnerabilities", "description": "Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-3765 Xulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.\n\n - CVE-2010-3174 CVE-2010-3176 Multiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\n\n - CVE-2010-3177 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.\n\n - CVE-2010-3178 Xulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.\n\n - CVE-2010-3179 Stack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.\n\n - CVE-2010-3180 Use-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.\n\n - CVE-2010-3183 The LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document.\n\nIn addition, this security update includes corrections for regressions caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1 and DSA-2106-1.", "published": "2010-11-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50453", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3183"], "lastseen": "2017-10-29T13:45:40"}, {"id": "FEDORA_2010-16885.NASL", "type": "nessus", "title": "Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)", "description": "Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox35.html#firefox3.5.14\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox35.html#firefox3.5.15\n\nUpdate also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-11-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50422", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-10-29T13:44:57"}, {"id": "FEDORA_2010-16593.NASL", "type": "nessus", "title": "Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)", "description": "Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories :\n\nhttp://www.mozilla.org/security/known-vulnerabilities/firefox36.html#f irefox3.6.11\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50356", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-10-29T13:41:56"}, {"id": "FEDORA_2010-16897.NASL", "type": "nessus", "title": "Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)", "description": "Update to new upstream Firefox version 3.6.12, fixing multiple security issues detailed in the upstream advisories :\n\n - http://www.mozilla.org/security/known-vulnerabilities/fi refox36.html#firefox3.6.11\n\n - http://www.mozilla.org/security/known-vulnerabilities/ firefox36.html#firefox3.6.12\n\nUpdate also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50403", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-10-29T13:41:55"}, {"id": "UBUNTU_USN-997-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)", "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript.\n(CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site.\n(CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-10-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50082", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-10-29T13:42:06"}], "redhat": [{"id": "RHSA-2010:0781", "type": "redhat", "title": "(RHSA-2010:0781) Critical: seamonkey security update", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3176, CVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in SeaMonkey converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running SeaMonkey, allow arbitrary JavaScript to be executed in\nthe context of the Gopher domain. (CVE-2010-3177)\n\nA flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nSeaMonkey, if that user ran SeaMonkey from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in SeaMonkey accepted DHE keys that were\n256 bits in length. This update removes support for 256 bit DHE keys, as\nsuch keys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way SeaMonkey matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. SeaMonkey incorrectly accepted connections to IP addresses that\nfell within the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "published": "2010-10-19T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0781", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3180", "CVE-2010-3182"], "lastseen": "2018-05-27T21:43:27"}, {"id": "RHSA-2010:0861", "type": "redhat", "title": "(RHSA-2010:0861) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. Malicious HTML content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim had loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.12, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "published": "2010-11-10T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0861", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "lastseen": "2018-06-06T18:05:53"}, {"id": "RHSA-2010:0782", "type": "redhat", "title": "(RHSA-2010:0782) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. Network Security Services (NSS) is\na set of libraries designed to support the development of security-enabled\nclient and server applications.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,\nCVE-2010-3180)\n\nA flaw was found in the way the Gopher parser in Firefox converted text\ninto HTML. A malformed file name on a Gopher server could, when accessed by\na victim running Firefox, allow arbitrary JavaScript to be executed in the\ncontext of the Gopher domain. (CVE-2010-3177)\n\nA same-origin policy bypass flaw was found in Firefox. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with Firefox.\n(CVE-2010-3178)\n\nA flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH\nvariable was appending a \".\" character, which could allow a local attacker\nto execute arbitrary code with the privileges of a different user running\nFirefox, if that user ran Firefox from within an attacker-controlled\ndirectory. (CVE-2010-3182)\n\nThis update also provides NSS version 3.12.8 which is required by the\nupdated Firefox version, fixing the following security issues:\n\nIt was found that the SSL DHE (Diffie-Hellman Ephemeral) mode\nimplementation for key exchanges in Firefox accepted DHE keys that were 256\nbits in length. This update removes support for 256 bit DHE keys, as such\nkeys are easily broken using modern hardware. (CVE-2010-3173)\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.11. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.11, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "published": "2010-10-19T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0782", "cvelist": ["CVE-2010-3170", "CVE-2010-3173", "CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2017-09-09T07:19:17"}, {"id": "RHSA-2010:0812", "type": "redhat", "title": "(RHSA-2010:0812) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nNote: JavaScript support is disabled by default in Thunderbird. The\nCVE-2010-3765 issue is not exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves this issue. All running instances of Thunderbird must be restarted\nfor the update to take effect.\n", "published": "2010-10-28T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0812", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-09-08T08:03:34"}, {"id": "RHSA-2010:0809", "type": "redhat", "title": "(RHSA-2010:0809) Critical: xulrunner security update", "description": "XULRunner provides the XUL Runtime environment for applications using the\nGecko layout engine.\n\nA race condition flaw was found in the way XULRunner handled Document\nObject Model (DOM) element properties. Malicious HTML content could cause\nan application linked against XULRunner (such as Firefox) to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2010-3765)\n\nFor technical details regarding this flaw, refer to the Mozilla security\nadvisories for Firefox 3.6.12. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll XULRunner users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the update,\napplications using XULRunner must be restarted for the changes to take\neffect.\n", "published": "2010-10-27T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0809", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-09-09T07:20:40"}, {"id": "RHSA-2010:0808", "type": "redhat", "title": "(RHSA-2010:0808) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser.\n\nA race condition flaw was found in the way Firefox handled Document Object\nModel (DOM) element properties. A web page containing malicious content\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2010-3765)\n\nFor technical details regarding this flaw, refer to the Mozilla security\nadvisories for Firefox 3.6.12. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nAll Firefox users should upgrade to this updated package, which contains a\nbackported patch to correct this issue. After installing the update,\nFirefox must be restarted for the changes to take effect.\n", "published": "2010-10-27T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0808", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-09-09T07:20:36"}, {"id": "RHSA-2010:0810", "type": "redhat", "title": "(RHSA-2010:0810) Critical: seamonkey security update", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nA race condition flaw was found in the way SeaMonkey handled Document\nObject Model (DOM) element properties. A web page containing malicious\ncontent could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-3765)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthis issue. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "published": "2010-10-27T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0810", "cvelist": ["CVE-2010-3765"], "lastseen": "2018-05-27T21:42:24"}, {"id": "RHSA-2010:0896", "type": "redhat", "title": "(RHSA-2010:0896) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA race condition flaw was found in the way Thunderbird handled Document\nObject Model (DOM) element properties. An HTML mail message containing\nmalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2010-3765)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,\nCVE-2010-3180, CVE-2010-3183)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird had loaded. (CVE-2010-3178)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-11-17T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0896", "cvelist": ["CVE-2010-3175", "CVE-2010-3176", "CVE-2010-3178", "CVE-2010-3179", "CVE-2010-3180", "CVE-2010-3182", "CVE-2010-3183", "CVE-2010-3765"], "lastseen": "2018-06-12T21:10:38"}, {"id": "RHSA-2010:0780", "type": "redhat", "title": "(RHSA-2010:0780) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3176, CVE-2010-3180)\n\nNote: JavaScript support is disabled by default in Thunderbird. The above\nissues are not exploitable unless JavaScript is enabled.\n\nA flaw was found in the script that launches Thunderbird. The\nLD_LIBRARY_PATH variable was appending a \".\" character, which could allow a\nlocal attacker to execute arbitrary code with the privileges of a different\nuser running Thunderbird, if that user ran Thunderbird from within an\nattacker-controlled directory. (CVE-2010-3182)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-10-19T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0780", "cvelist": ["CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3182"], "lastseen": "2017-09-09T07:19:41"}, {"id": "RHSA-2010:0862", "type": "redhat", "title": "(RHSA-2010:0862) Low: nss security update", "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe development of security-enabled client and server applications.\n\nA flaw was found in the way NSS matched SSL certificates when the\ncertificates had a Common Name containing a wildcard and a partial IP\naddress. NSS incorrectly accepted connections to IP addresses that fell\nwithin the SSL certificate's wildcard range as valid SSL connections,\npossibly allowing an attacker to conduct a man-in-the-middle attack.\n(CVE-2010-3170)\n\nAll NSS users should upgrade to these updated packages, which provide NSS\nversion 3.12.8 to resolve this issue. After installing the update,\napplications using NSS must be restarted for the changes to take effect.\n", "published": "2010-11-10T05:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0862", "cvelist": ["CVE-2010-3170"], "lastseen": "2018-06-12T21:10:17"}], "debian": [{"id": "DSA-2124", "type": "debian", "title": "xulrunner -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-3765](<https://security-tracker.debian.org/tracker/CVE-2010-3765>)\n\nXulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.\n\n * [CVE-2010-3174](<https://security-tracker.debian.org/tracker/CVE-2010-3174>) [CVE-2010-3176](<https://security-tracker.debian.org/tracker/CVE-2010-3176>)\n\nMultiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\n\n * [CVE-2010-3177](<https://security-tracker.debian.org/tracker/CVE-2010-3177>)\n\nMultiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.\n\n * [CVE-2010-3178](<https://security-tracker.debian.org/tracker/CVE-2010-3178>)\n\nXulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.\n\n * [CVE-2010-3179](<https://security-tracker.debian.org/tracker/CVE-2010-3179>)\n\nStack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.\n\n * [CVE-2010-3180](<https://security-tracker.debian.org/tracker/CVE-2010-3180>)\n\nUse-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.\n\n * [CVE-2010-3183](<https://security-tracker.debian.org/tracker/CVE-2010-3183>)\n\nThe LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document.\n\nIn addition, this security update includes corrections for regressions caused by the fixes for [CVE-2010-0654](<https://security-tracker.debian.org/tracker/CVE-2010-0654>) and [CVE-2010-2769](<https://security-tracker.debian.org/tracker/CVE-2010-2769>) in DSA-2075-1 and DSA-2106-1.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-6.\n\nFor the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.5.15-1 of the iceweasel package.\n\nWe recommend that you upgrade your Xulrunner packages.", "published": "2010-11-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2124", "cvelist": ["CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3183"], "lastseen": "2016-09-02T18:27:35"}, {"id": "DSA-2123", "type": "debian", "title": "nss -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-3170](<https://security-tracker.debian.org/tracker/CVE-2010-3170>)\n\nNSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.\n\n * [CVE-2010-3173](<https://security-tracker.debian.org/tracker/CVE-2010-3173>)\n\nNSS does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.\n\nFor the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny2.\n\nFor the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.12.8-1.\n\nWe recommend that you upgrade your NSS packages.", "published": "2010-11-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2123", "cvelist": ["CVE-2010-3173", "CVE-2010-3170"], "lastseen": "2016-09-02T18:35:25"}], "ubuntu": [{"id": "USN-997-1", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nRobert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. (CVE-2010-3177)\n\nEduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/997-1/", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2018-03-29T18:18:48"}, {"id": "USN-1011-2", "type": "ubuntu", "title": "Thunderbird vulnerability", "description": "USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird.\n\nOriginal advisory details:\n\nMorten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1011-2/", "cvelist": ["CVE-2010-3765"], "lastseen": "2018-03-29T18:19:43"}, {"id": "USN-1011-1", "type": "ubuntu", "title": "Firefox vulnerability", "description": "Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1011-1/", "cvelist": ["CVE-2010-3765"], "lastseen": "2018-03-29T18:17:09"}, {"id": "USN-1011-3", "type": "ubuntu", "title": "Xulrunner vulnerability", "description": "USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner.\n\nOriginal advisory details:\n\nMorten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1011-3/", "cvelist": ["CVE-2010-3765"], "lastseen": "2018-03-29T18:20:28"}, {"id": "USN-998-1", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "description": "Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3175, CVE-2010-3176)\n\nAlexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)\n\nEduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. (CVE-2010-3178)\n\nDmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2010-3182)", "published": "2010-10-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/998-1/", "cvelist": ["CVE-2010-3178", "CVE-2010-3176", "CVE-2010-3180", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3183"], "lastseen": "2018-03-29T18:17:39"}, {"id": "USN-1007-1", "type": "ubuntu", "title": "NSS vulnerabilities", "description": "Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2010-3170)\n\nNelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length. (CVE-2010-3173)", "published": "2010-10-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1007-1/", "cvelist": ["CVE-2010-3173", "CVE-2010-3170"], "lastseen": "2018-03-29T18:19:03"}], "freebsd": [{"id": "C4F067B9-DC4A-11DF-8E32-000F20797EDE", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)\nMFSA 2010-65 Buffer overflow and memory corruption using document.write\nMFSA 2010-66 Use-after-free error in nsBarProp\nMFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter\nMFSA 2010-68 XSS in gopher parser when parsing hrefs\nMFSA 2010-69 Cross-site information disclosure via modal calls\nMFSA 2010-70 SSL wildcard certificate matching IP addresses\nMFSA 2010-71 Unsafe library loading vulnerabilities\nMFSA 2010-72 Insecure Diffie-Hellman key exchange\n\n", "published": "2010-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/c4f067b9-dc4a-11df-8e32-000f20797ede.html", "cvelist": ["CVE-2010-3177", "CVE-2010-3178", "CVE-2010-3181", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-3180", "CVE-2010-3173", "CVE-2010-3179", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183"], "lastseen": "2016-09-26T17:24:47"}, {"id": "C223B00D-E272-11DF-8E32-000F20797EDE", "type": "freebsd", "title": "mozilla -- Heap buffer overflow mixing document.write and DOM insertion", "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion\n\n", "published": "2010-10-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/c223b00d-e272-11df-8e32-000f20797ede.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-26T17:24:47"}], "suse": [{"id": "SUSE-SA:2010:056", "type": "suse", "title": "remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird", "description": "Various Mozilla suite components, including Firefox, were updated to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-11-08T11:27:17", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00003.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3169", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3180", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-3179", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183", "CVE-2010-2760"], "lastseen": "2016-09-04T11:57:58"}, {"id": "OPENSUSE-SU-2014:1100-1", "type": "suse", "title": "Firefox update to 31.1esr (important)", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "published": "2014-09-09T18:04:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "lastseen": "2016-09-04T12:21:58"}], "gentoo": [{"id": "GLSA-201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "published": "2013-01-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201301-01", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "lastseen": "2016-09-06T19:46:13"}], "seebug": [{"id": "SSV:20209", "type": "seebug", "title": "Firefox Memory Corruption Proof of Concept (Simplified)", "description": "No description provided by source.", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-20209", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-11-19T18:07:22"}, {"id": "SSV:20217", "type": "seebug", "title": "Mozilla Firefox document.write()\u65b9\u5f0f\u5806\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 44425\r\nCVE ID: CVE-2010-3765\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\n\u5728\u542f\u7528\u4e86JavaScript\u7684\u60c5\u51b5\u4e0b\uff0cFirefox\u7684document.write()\u65b9\u5f0f\u5904\u7406\u7ed3\u5408DOM\u6ce8\u5165\u53ef\u80fd\u89e6\u53d1\u5806\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7 nsCSSFrameConstructor::ContentAppended\u3001appendChild\u7b49\u65b9\u5f0f\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\u3002\n\nMozilla Firefox 3.6.x\r\nMozilla Firefox 3.5.x\r\nMozilla Thunderbird 3.1.x\r\nMozilla Thunderbird 3.0.x\r\nMozilla SeaMonkey < 2.0.10\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0808-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0808-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0808.html", "published": "2010-11-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-20217", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-11-19T18:07:36"}, {"id": "SSV:20203", "type": "seebug", "title": "Mozilla Firefox Modal\u8c03\u7528\u8de8\u57df\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "description": "BUGTRAQ ID: 44252\r\nCVE(CAN) ID: CVE-2010-3178\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\n\u5982\u679c\u7f51\u9875\u6253\u5f00\u4e86\u65b0\u7684\u7a97\u53e3\u5e76\u4f7f\u7528javascript: URL\u6267\u884cmodal\u8c03\u7528\uff0c\u5982alert()\uff0c\u4e14\u4e4b\u540e\u5c06\u7f51\u9875\u5bfc\u822a\u5230\u4e86\u4e0d\u540c\u7684\u57df\uff0c\u5219modal\u8c03\u7528\u8fd4\u56de\u5230\u7a97\u53e3\u7684\u6253\u5f00\u7a0b\u5e8f\u5c31\u53ef\u4ee5\u8bbf\u95ee\u6240\u5bfc\u822a\u5230\u7a97\u53e3\u4e2d\u7684\u5bf9\u8c61\u3002\u8fd9\u8fdd\u53cd\u4e86\u540c\u6e90\u7b56\u7565\uff0c\u5141\u8bb8\u7528\u6237\u7a83\u53d6\u5176\u4ed6\u7f51\u7ad9\u7684\u654f\u611f\u4fe1\u606f\u3002\n\nMozilla Firefox 3.6.x\r\nMozilla Firefox 3.5.x\r\nMozilla Thunderbird 3.1.x\r\nMozilla Thunderbird 3.0.x\r\nMozilla SeaMonkey < 2.0.9\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0782-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0782-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0782.html", "published": "2010-10-26T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-20203", "cvelist": ["CVE-2010-3178"], "lastseen": "2017-11-19T18:07:38"}, {"id": "SSV:20200", "type": "seebug", "title": "Mozilla Firefox LookupGetterOrSetter\u51fd\u6570\u60ac\u505c\u6307\u9488\u6f0f\u6d1e", "description": "BUGTRAQ ID: 44249\r\nCVE ID: CVE-2010-3183\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nFirefox\u7684js3250.dll\u5e93\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5728\u521b\u5efa\u548c\u5220\u9664JavaObject\u65f6\uff0c\u7531\u4e8e\u6ca1\u6709\u5bf9LookupGetterorSetter() \u51fd\u6570\u6267\u884c\u8fc7\u6ee4\u68c0\u67e5\uff0c\u53ef\u80fd\u5bfc\u81f4\u5411JS_ValueToId()\u51fd\u6570\u4f20\u9001\u60ac\u505c\u6307\u9488\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u4ee5SYSTEM\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nMozilla Firefox 3.6.x\r\nMozilla Firefox 3.5.x\r\nMozilla Thunderbird 3.1.x\r\nMozilla Thunderbird 3.0.x\r\nMozilla SeaMonkey < 2.0.9\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mozilla.org/\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0782-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0782-01\uff1aCritical: firefox security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0782.html", "published": "2010-10-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-20200", "cvelist": ["CVE-2010-3183"], "lastseen": "2017-11-19T18:07:44"}], "packetstorm": [{"id": "PACKETSTORM:95278", "type": "packetstorm", "title": "Firefox Memory Corruption", "description": "", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/95278/Firefox-Memory-Corruption.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-12-05T22:21:14"}, {"id": "PACKETSTORM:95201", "type": "packetstorm", "title": "Firefox Interleaving Denial Of Service", "description": "", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/95201/Firefox-Interleaving-Denial-Of-Service.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-12-05T22:17:50"}, {"id": "PACKETSTORM:98589", "type": "packetstorm", "title": "Mozilla Firefox Interleaving document.write / appendChild Code Execution", "description": "", "published": "2011-02-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/98589/Mozilla-Firefox-Interleaving-document.write-appendChild-Code-Execution.html", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-12-05T22:16:54"}], "saint": [{"id": "SAINT:51C8784EC0720AAB164E5C2D4C2C0137", "type": "saint", "title": "Mozilla Firefox document.write and DOM insertion memory corruption", "description": "Added: 11/04/2010 \nCVE: [CVE-2010-3765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765>) \nBID: [44425](<http://www.securityfocus.com/bid/44425>) \nOSVDB: [68905](<http://www.osvdb.org/68905>) \n\n\n### Background\n\n[Firefox](<http://www.mozilla.com/en-US/firefox/>) is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. \n\n### Problem\n\nA memory corruption vulnerability allows command execution when a user loads a specially crafted web page containing DOM insertions interspersed with calls to the document.write function. \n\n### Resolution\n\nUpgrade to [Firefox](<http://www.mozilla.com/>) 3.5.15 or 3.6.12 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2010/mfsa2010-73.html> \n<http://secunia.com/advisories/41957/> \n\n\n### Limitations\n\nExploit works on Firefox 3.6.11 and requires the user to load the exploit page in Firefox. \n\nIt may take some time to establish the shell session. \n\nThe exploit works best when the target platform has more than 1G memory. \n\n### Platforms\n\nWindows \n \n\n", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/firefox_document_write_dom", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-12-14T16:58:07"}, {"id": "SAINT:546064F485F51C4E5EBC0EB24D594AD7", "type": "saint", "title": "Mozilla Firefox document.write and DOM insertion memory corruption", "description": "Added: 11/04/2010 \nCVE: [CVE-2010-3765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765>) \nBID: [44425](<http://www.securityfocus.com/bid/44425>) \nOSVDB: [68905](<http://www.osvdb.org/68905>) \n\n\n### Background\n\n[Firefox](<http://www.mozilla.com/en-US/firefox/>) is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. \n\n### Problem\n\nA memory corruption vulnerability allows command execution when a user loads a specially crafted web page containing DOM insertions interspersed with calls to the document.write function. \n\n### Resolution\n\nUpgrade to [Firefox](<http://www.mozilla.com/>) 3.5.15 or 3.6.12 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2010/mfsa2010-73.html> \n<http://secunia.com/advisories/41957/> \n\n\n### Limitations\n\nExploit works on Firefox 3.6.11 and requires the user to load the exploit page in Firefox. \n\nIt may take some time to establish the shell session. \n\nThe exploit works best when the target platform has more than 1G memory. \n\n### Platforms\n\nWindows \n \n\n", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/firefox_document_write_dom", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-10-03T15:02:01"}, {"id": "SAINT:5304BC5AECD536DD889896AA44B31199", "type": "saint", "title": "Mozilla Firefox document.write and DOM insertion memory corruption", "description": "Added: 11/04/2010 \nCVE: [CVE-2010-3765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765>) \nBID: [44425](<http://www.securityfocus.com/bid/44425>) \nOSVDB: [68905](<http://www.osvdb.org/68905>) \n\n\n### Background\n\n[Firefox](<http://www.mozilla.com/en-US/firefox/>) is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. \n\n### Problem\n\nA memory corruption vulnerability allows command execution when a user loads a specially crafted web page containing DOM insertions interspersed with calls to the document.write function. \n\n### Resolution\n\nUpgrade to [Firefox](<http://www.mozilla.com/>) 3.5.15 or 3.6.12 or higher. \n\n### References\n\n<http://www.mozilla.org/security/announce/2010/mfsa2010-73.html> \n<http://secunia.com/advisories/41957/> \n\n\n### Limitations\n\nExploit works on Firefox 3.6.11 and requires the user to load the exploit page in Firefox. \n\nIt may take some time to establish the shell session. \n\nThe exploit works best when the target platform has more than 1G memory. \n\n### Platforms\n\nWindows \n \n\n", "published": "2010-11-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/firefox_document_write_dom", "cvelist": ["CVE-2010-3765"], "lastseen": "2017-01-10T14:03:41"}], "canvas": [{"id": "FIREFOX_APPENDCHILD", "type": "canvas", "title": "Immunity Canvas: FIREFOX_APPENDCHILD", "description": "**Name**| firefox_appendchild \n---|--- \n**CVE**| CVE-2010-3765 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| firefox_appendchild \n**Notes**| CVE Name: CVE-2010-3765 \nVENDOR: Mozilla \nNotes: Interleaving document.write and appendChild can lead to duplicate text \nframes and overrunning of text run buffers. \n \nThis exploit can only be used from clientd. \n \nTested on: \nWindows XP SP3 ENG with Firefox 3.6.11. \n \n \nJavaScript Obfuscated. \n \nWe do not currently do process recovery in this exploit. \n \n \nVersionsAffected: Firefox <=3.6.11 \nRepeatability: Infinite \nReferences: ['https://bugzilla.mozilla.org/show_bug.cgi?id=607222'] \nDate public: 10/26/2010 \n\n", "published": "2010-10-27T20:00:05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/firefox_appendchild", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-09-25T14:14:27"}], "metasploit": [{"id": "MSF:EXPLOIT/WINDOWS/BROWSER/MOZILLA_INTERLEAVED_WRITE", "type": "metasploit", "title": "Mozilla Firefox Interleaved document.write/appendChild Memory Corruption", "description": "This module exploits a code execution vulnerability in Mozilla Firefox caused by interleaved calls to document.write and appendChild. This module was written based on a live exploit found in the wild.", "published": "2011-02-18T02:23:10", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2010-3765"], "lastseen": "2018-06-06T09:54:25"}], "exploitdb": [{"id": "EDB-ID:16509", "type": "exploitdb", "title": "Mozilla Firefox Interleaving document.write and appendChild Exploit", "description": "Mozilla Firefox Interleaving document.write and appendChild Exploit. CVE-2010-3765. Remote exploit for windows platform", "published": "2011-02-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/16509/", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-02-02T00:01:42"}, {"id": "EDB-ID:15352", "type": "exploitdb", "title": "Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit From the Wild", "description": "Firefox 3.6.8 - 3.6.11 Interleaving document.write and appendChild Exploit (From the Wild). CVE-2010-3765. Remote exploit for windows platform", "published": "2010-10-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/15352/", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-02-01T21:39:09"}, {"id": "EDB-ID:15341", "type": "exploitdb", "title": "Firefox Interleaving document.write and appendChild Denial of Service", "description": "Firefox Interleaving document.write and appendChild Denial of Service. CVE-2010-3765. Dos exploits for multiple platform", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/15341/", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-02-01T21:37:08"}, {"id": "EDB-ID:15342", "type": "exploitdb", "title": "Firefox Memory Corruption Proof of Concept Simplified", "description": "Firefox Memory Corruption Proof of Concept (Simplified). CVE-2010-3765. Dos exploits for multiple platform", "published": "2010-10-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/15342/", "cvelist": ["CVE-2010-3765"], "lastseen": "2016-02-01T21:37:20"}, {"id": "EDB-ID:34881", "type": "exploitdb", "title": "Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption Vulnerability", "description": "Mozilla Firefox SeaMonkey 3.6.10 and Thunderbird 3.1.4 'document.write' Memory Corruption Vulnerability. CVE-2010-3179. Remote exploit for linux platform", "published": "2010-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/34881/", "cvelist": ["CVE-2010-3179"], "lastseen": "2016-02-04T00:08:05"}], "vmware": [{"id": "VMSA-2011-0013", "type": "vmware", "title": "VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description": "a. ESX third party update for Service Console openssl RPM \nThe Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "published": "2011-10-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2011-0013.html", "cvelist": ["CVE-2010-3562", "CVE-2010-4475", "CVE-2011-0865", "CVE-2010-2054", "CVE-2010-4468", "CVE-2010-3557", "CVE-2010-3563", "CVE-2010-3551", "CVE-2011-0802", "CVE-2010-3552", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-4452", "CVE-2010-4462", "CVE-2010-3566", "CVE-2010-4448", "CVE-2010-4465", "CVE-2010-3565", "CVE-2010-4180", "CVE-2010-4454", "CVE-2010-3572", "CVE-2010-4451", "CVE-2010-4422", "CVE-2010-4469", "CVE-2011-0002", "CVE-2010-4450", "CVE-2010-4463", "CVE-2010-3574", "CVE-2010-4473", "CVE-2010-4474", "CVE-2010-3541", "CVE-2011-0873", "CVE-2010-3571", "CVE-2010-3173", "CVE-2010-4476", "CVE-2010-4472", "CVE-2010-4471", "CVE-2010-3560", "CVE-2010-3559", "CVE-2008-7270", "CVE-2011-0815", "CVE-2010-1321", "CVE-2010-3556", "CVE-2011-0867", "CVE-2010-3561", "CVE-2010-4447", "CVE-2010-3549", "CVE-2010-3554", "CVE-2010-3170", "CVE-2010-4470", "CVE-2010-3555", "CVE-2011-0864", "CVE-2010-3570", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-3548", "CVE-2010-4467", "CVE-2010-3568", "CVE-2011-0862", "CVE-2010-3558", "CVE-2010-4466", "CVE-2010-3569", "CVE-2011-0871", "CVE-2011-0814"], "lastseen": "2016-09-04T11:19:38"}], "zdi": [{"id": "ZDI-10-219", "type": "zdi", "title": "Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists in js3250.dll. When a JavaObject is created and deleted, there is not a proper sanity check for the LookupGetterorSetter() function, which can result in a dangling pointer being passed to the JS_ValueToId() function. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the CURRENT user.", "published": "2010-10-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-219", "cvelist": ["CVE-2010-3183"], "lastseen": "2016-11-09T00:17:49"}]}}