{"id": "UBUNTU_USN-930-3.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 8.04 LTS : firefox regression (USN-930-3)", "description": "USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change.\n\nIf was discovered that Firefox could be made to access freed memory.\nIf a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the 'Content-Disposition:\nattachment' HTTP header was ignored when 'Content-Type:\nmultipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks.\n(CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites.\n(CVE-2008-5913).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "modified": "2016-05-27T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47574", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "type": "nessus", "lastseen": "2016-09-26T17:26:04", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "ebc168716ddecc1caf1534cd25564a47"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "bf5cbc19ea8e1180a736ba3e6fcaf6aa"}, {"key": "href", "hash": "ade9b56d441abecaa90bcf86f03850da"}, {"key": "modified", "hash": "f5f9e526f94b59bbc9026f5b07b6ef78"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "c70bb5cfd0305c9d18312d92f820c321"}, {"key": "published", "hash": "8da0809b92881c05bd8f37c479450778"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "68dd6d8332b3335835076bef8cf2a1c2"}, {"key": "title", "hash": "f72d8b909e398fd5e5b870e74baae206"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "024ea0fc2a8f2fbed8a4c0bbd0736946616ac7586dc92e0b80e43244a390b9f3", "viewCount": 0, "objectVersion": "1.2", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-930-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47574);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:45:44 $\");\n\n script_cve_id(\"CVE-2008-5913\", \"CVE-2010-1121\", \"CVE-2010-1125\", \"CVE-2010-1196\", \"CVE-2010-1197\", \"CVE-2010-1198\", \"CVE-2010-1199\", \"CVE-2010-1200\", \"CVE-2010-1201\", \"CVE-2010-1202\", \"CVE-2010-1203\");\n script_xref(name:\"USN\", value:\"930-3\");\n\n script_name(english:\"Ubuntu 8.04 LTS : firefox regression (USN-930-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-930-1 fixed vulnerabilities in Firefox. Due to a software\npackaging problem, the Firefox 3.6 update could not be installed when\nthe firefox-2 package was also installed. This update fixes the\nproblem and updates apturl for the change.\n\nIf was discovered that Firefox could be made to access freed memory.\nIf a user were tricked into viewing a malicious site, a remote\nattacker could cause a denial of service or possibly execute arbitrary\ncode with the privileges of the user invoking the program. This issue\nonly affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of\nFirefox. If a user were tricked into viewing a malicious\nsite, a remote attacker could cause a denial of service or\npossibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2010-1200, CVE-2010-1201,\nCVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances\ninteracted. An attacker could potentially exploit this and\nuse one plugin to access freed memory from a second plugin\nto execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user\nwere tricked into viewing a malicious site, an attacker\ncould overflow a buffer and cause a denial of service or\npossibly execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT\nnode sorting routine. An attacker could exploit this to\noverflow a buffer and cause a denial of service or possibly\nexecute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of\nFirefox could be subverted. If a user were tricked into\nviewing a malicious site, a remote attacker could use this\nto capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the 'Content-Disposition:\nattachment' HTTP header was ignored when 'Content-Type:\nmultipart' was also present. Under certain circumstances,\nthis could potentially lead to cross-site scripting attacks.\n(CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random\nnumber generator often enough. An attacker could exploit\nthis to identify and track users across different websites.\n(CVE-2008-5913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abrowser-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apturl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-3.0-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-branding\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-granparadiso-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-libthai\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox-trunk-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2016 Canonical, Inc. / NASL script (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"abrowser-branding\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apturl\", pkgver:\"0.2.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-dev\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-3.0-gnome-support\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-branding\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dbg\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-dev\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-gnome-support-dbg\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-dev\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-granparadiso-gnome-support\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-libthai\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-dev\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"firefox-trunk-gnome-support\", pkgver:\"3.6.6+nobinonly-0ubuntu0.8.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abrowser / abrowser-branding / apturl / firefox / firefox-3.0 / etc\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "47574", "enchantments": {"vulnersScore": 10.0}}
{"result": {"cve": [{"id": "CVE-2010-1203", "type": "cve", "title": "CVE-2010-1203", "description": "The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1203", "cvelist": ["CVE-2010-1203"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1125", "type": "cve", "title": "CVE-2010-1125", "description": "The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.", "published": "2010-03-26T16:30:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1125", "cvelist": ["CVE-2010-1125"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1200", "type": "cve", "title": "CVE-2010-1200", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1200", "cvelist": ["CVE-2010-1200"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1197", "type": "cve", "title": "CVE-2010-1197", "description": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.", "published": "2010-06-24T08:30:01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1197", "cvelist": ["CVE-2010-1197"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1121", "type": "cve", "title": "CVE-2010-1121", "description": "Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.", "published": "2010-03-25T17:00:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1121", "cvelist": ["CVE-2010-1121"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1196", "type": "cve", "title": "CVE-2010-1196", "description": "Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1196", "cvelist": ["CVE-2010-1196"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1201", "type": "cve", "title": "CVE-2010-1201", "description": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1201", "cvelist": ["CVE-2010-1201"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2008-5913", "type": "cve", "title": "CVE-2008-5913", "description": "The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a \"temporary footprint\" and an \"in-session phishing attack.\"", "published": "2009-01-20T11:30:00", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5913", "cvelist": ["CVE-2008-5913"], "lastseen": "2017-09-29T14:26:17"}, {"id": "CVE-2010-1202", "type": "cve", "title": "CVE-2010-1202", "description": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1202", "cvelist": ["CVE-2010-1202"], "lastseen": "2017-09-19T13:36:54"}, {"id": "CVE-2010-1199", "type": "cve", "title": "CVE-2010-1199", "description": "Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.", "published": "2010-06-24T08:30:01", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1199", "cvelist": ["CVE-2010-1199"], "lastseen": "2017-09-19T13:36:54"}], "openvas": [{"id": "OPENVAS:902208", "type": "openvas", "title": "Mozilla Firefox Multiple Unspecified Vulnerabilities june-10 (Windows)", "description": "The host is installed with Mozilla Firefox and is prone to multiple unspecified\n vulnerabilities.", "published": "2010-07-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=902208", "cvelist": ["CVE-2010-1203"], "lastseen": "2017-07-02T21:10:02"}, {"id": "OPENVAS:862167", "type": "openvas", "title": "Fedora Update for firefox FEDORA-2010-10361", "description": "Check for the Version of firefox", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862167", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:12"}, {"id": "OPENVAS:862197", "type": "openvas", "title": "Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10361", "description": "Check for the Version of perl-Gtk2-MozEmbed", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862197", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:36"}, {"id": "OPENVAS:830997", "type": "openvas", "title": "Mandriva Update for ldetect-lst MDVA-2010:125 (ldetect-lst)", "description": "Check for the Version of ldetect-lst", "published": "2010-04-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830997", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-24T12:49:31"}, {"id": "OPENVAS:831094", "type": "openvas", "title": "Mandriva Update for firefox MDVSA-2010:125 (firefox)", "description": "Check for the Version of firefox", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831094", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-24T12:49:32"}, {"id": "OPENVAS:862176", "type": "openvas", "title": "Fedora Update for mozvoikko FEDORA-2010-10361", "description": "Check for the Version of mozvoikko", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862176", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:08"}, {"id": "OPENVAS:840457", "type": "openvas", "title": "Ubuntu Update for thunderbird vulnerabilities USN-943-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-943-1", "published": "2010-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840457", "cvelist": ["CVE-2010-1203", "CVE-2010-1200", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1199"], "lastseen": "2017-07-25T10:49:25"}, {"id": "OPENVAS:862171", "type": "openvas", "title": "Fedora Update for gnome-web-photo FEDORA-2010-10361", "description": "Check for the Version of gnome-web-photo", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862171", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:24"}, {"id": "OPENVAS:862195", "type": "openvas", "title": "Fedora Update for gnome-python2-extras FEDORA-2010-10361", "description": "Check for the Version of gnome-python2-extras", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862195", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:30"}, {"id": "OPENVAS:862189", "type": "openvas", "title": "Fedora Update for xulrunner FEDORA-2010-10361", "description": "Check for the Version of xulrunner", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862189", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-07-25T10:49:36"}], "nessus": [{"id": "UBUNTU_USN-943-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-943-1)", "description": "Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nAn integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.\n(CVE-2010-1196)\n\nSeveral flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nIf was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.\n(CVE-2010-1121).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-07T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47618", "cvelist": ["CVE-2010-1203", "CVE-2010-1200", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1199"], "lastseen": "2016-09-26T17:24:50"}, {"id": "MOZILLA_FIREFOX_364.NASL", "type": "nessus", "title": "Firefox 3.6 < 3.6.4 Multiple Vulnerabilities", "description": "The installed version of Firefox 3.6.x is earlier than 3.6.4. Such versions are potentially affected by the following security issues :\n\n - Multiple crashes can result in arbitrary code execution. (MFSA 2010-26)\n\n - A plugin is allowed to hold a reference to an object owned by a second plugin even after the second plugin is unloaded and the referenced object no longer exists.\n This could allow arbitrary code execution. (MFSA 2010-28) \n\n - An error in 'nsGenericDOMDataNode' allows a buffer overflow in certain DOM nodes leading to arbitrary code execution. (MFSA 2010-29)\n\n - An error in a XSLT node sorting function contains an integer overflow leading to application crashes and possible arbitrary code execution. (MFSA 2010-30)\n\n - A cross-site scripting vulnerability exists when content from one domain is embedded in pages from other domains and the 'focus()' function is used, leading to information disclosure. (MFSA 2010-31)\n\n - The HTTP header, 'Content-Disposition: attachment', is ignored when the HTTP header 'Content-Type: multipart' is present. This could allow cross-site scripting to occur. (MFSA 2010-32)\n\n - The pseudo-random number generator is only seeded once per browsing session and 'Math.random()' may be used to recover the seed value allowing the browser instance to be tracked across different websites. (MFSA 2010-33)", "published": "2010-06-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47124", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-06-10T06:36:08"}, {"id": "MANDRIVA_MDVSA-2010-125.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : firefox (MDVSA-2010:125)", "description": "Security issues were identified and fixed in firefox :\n\nAn unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a website, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack. (CVE-2008-5913).\n\nThe JavaScript implementation in Mozilla Firefox 3.x allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method (CVE-2010-1125).\n\nInteger overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow (CVE-2010-1196).\n\nMozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both Content-Disposition: attachment and Content-Type: multipart are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document (CVE-2010-1197).\n\nUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances (CVE-2010-1198).\n\nInteger overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node (CVE-2010-1199).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1200).\n\nMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1202).\n\nMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1203).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nAdditionally, some packages which require so, have been rebuilt and are being provided as updates.", "published": "2010-06-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47132", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:24:28"}, {"id": "UBUNTU_USN-930-2.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS : apturl, epiphany-browser, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update (USN-930-2)", "description": "USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS.\n\nIf was discovered that Firefox could be made to access freed memory.\nIf a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the 'Content-Disposition:\nattachment' HTTP header was ignored when 'Content-Type:\nmultipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks.\n(CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites.\n(CVE-2008-5913).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-06-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47162", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:26:07"}, {"id": "FEDORA_2010-10363.NASL", "type": "nessus", "title": "Fedora 13 : seamonkey-2.0.5-1.fc13 (2010-10363)", "description": "Update to new upstream SeaMonkey version 2.0.5, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.5 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-0183 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47226", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:25:26"}, {"id": "UBUNTU_USN-930-6.NASL", "type": "nessus", "title": "Ubuntu 9.04 / 9.10 : firefox, firefox-3.0, xulrunner-1.9.2 vulnerability (USN-930-6)", "description": "USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755)\n\nThis update fixes the problem.\n\nIf was discovered that Firefox could be made to access freed memory.\nIf a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the 'Content-Disposition:\nattachment' HTTP header was ignored when 'Content-Type:\nmultipart' was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks.\n(CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different websites.\n(CVE-2008-5913).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-27T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47855", "cvelist": ["CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-2755", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:24:09"}, {"id": "SUSE_11_2_MOZILLAFIREFOX-100625.NASL", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)", "description": "Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues.\n\nMFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different websites.\n\nMFSA 2010-32 / CVE-2010-1197: Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline.\n\nMFSA 2010-31 / CVE-2010-1125: Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password.\n\nMFSA 2010-30 / CVE-2010-1199: Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer.\n\nMFSA 2010-29 / CVE-2010-1196: Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer.\n\nMFSA 2010-28 / CVE-2010-1198: Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer.\n\nMFSA 2010-27 / CVE-2010-0183: Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker.\n\nMFSA 2010-26 / CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nMFSA 2010-25 / CVE-2010-1121: A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The contest winning exploit only affects Firefox 3.6 and not earlier versions. Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw.", "published": "2010-07-09T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47693", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:23:55"}, {"id": "FEDORA_2010-10329.NASL", "type": "nessus", "title": "Fedora 12 : seamonkey-2.0.5-1.fc12 (2010-10329)", "description": "Update to new upstream SeaMonkey version 2.0.5, fixing multiple security issues detailed in the upstream advisories:\nhttp://www.mozilla.org/security/known- vulnerabilities/seamonkey20.html#seamonkey2.0.5 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-0183 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47222", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:23:56"}, {"id": "FREEBSD_PKG_99858B7C7ECE11DFA007000F20797EDE.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (99858b7c-7ece-11df-a007-000f20797ede)", "description": "Mozilla Project reports :\n\nMFSA 2010-33 User tracking across sites using Math.random()\n\nMFSA 2010-32 Content-Disposition: attachment ignored if Content-Type:\nmultipart also present\n\nMFSA 2010-31 focus() behavior can be used to inject or steal keystrokes\n\nMFSA 2010-30 Integer Overflow in XSLT Node Sorting\n\nMFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal\n\nMFSA 2010-28 Freed object reuse across plugin instances\n\nMFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()\n\nMFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)\n\nMFSA 2010-25 Re-use of freed object due to scope confusion", "published": "2010-06-25T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47130", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:24:56"}, {"id": "SUSE_11_MOZILLAFIREFOX-100628.NASL", "type": "nessus", "title": "SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 2608 / 2609)", "description": "Mozilla Firefox has been updated to version 3.5.10, fixing various bugs and security issues.\n\n - Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random(). Since the pseudo-random number generator was only seeded once per browsing session, this seed value could be used as a unique token to identify and track users across different web sites. (MFSA 2010-33/ CVE-2008-5913)\n\n - Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when `Content-Type: multipart` was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a content type but rely on Content-Disposition: attachment to prevent the content from being displayed inline. (MFSA 2010-32/ CVE-2010-1197)\n\n - Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behaviour was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behaviour to steal keystrokes from a victim while they were typing sensitive information such as a password. (MFSA 2010-31/ CVE-2010-1125)\n\n - Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store its value would overflow, resulting in too small a buffer being created. An attacker could use this vulnerability to write data past the end of the buffer, causing the browser to crash and potentially running arbitrary code on a victim's computer. (MFSA 2010-30/ CVE-2010-1199)\n\n - Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the string would overflow, resulting in too small a buffer being allocated. An attacker could use this vulnerability to write data past the end of the buffer, causing a crash and potentially running arbitrary code on a victim's computer. (MFSA 2010-29/ CVE-2010-1196)\n\n - Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed.\n In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. (MFSA 2010-28/ CVE-2010-1198)\n\n - Security researcher Wushi of Team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. (MFSA 2010-27/ CVE-2010-0183)\n\n - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2010-26/ CVE-2010-1200 / CVE-2010-1201 / CVE-2010-1202 / CVE-2010-1203)\n\n - A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents, Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object. The exploit only affects Firefox 3.6 and not earlier versions.\n Updated (June 22, 2010): Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0 based on earlier versions of the browser engine were patched just in case there is an alternate way of triggering the underlying flaw. (MFSA 2010-25/ CVE-2010-1121)", "published": "2010-12-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50873", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:25:57"}], "ubuntu": [{"id": "USN-943-1", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "description": "Martin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>))\n\nAn integer overflow was discovered in Thunderbird. If a user were tricked \ninto viewing malicious content, an attacker could overflow a buffer and \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>))\n\nSeveral flaws were discovered in the browser engine of Thunderbird. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>))\n\nIf was discovered that Thunderbird could be made to access freed memory. If \na user were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>))", "published": "2010-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-943-1/", "cvelist": ["CVE-2010-1203", "CVE-2010-1200", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-1202", "CVE-2010-1199"], "lastseen": "2017-08-09T19:13:39"}, {"id": "USN-930-2", "type": "ubuntu", "title": "apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update", "description": "USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update \nprovides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on \nUbuntu 8.04 LTS.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. This issue only affected \nUbuntu 8.04 LTS. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>)) \n \nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>)) \n \nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>)) \n \nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>)) \n \nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>)) \n \nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>)) \n \nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>))", "published": "2010-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-2/", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-08-09T19:13:17"}, {"id": "USN-930-6", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerability", "description": "USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert \ndiscovered that the fix for [CVE-2010-1214](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1214>) introduced a regression which did \nnot properly initialize a plugin pointer. If a user were tricked into \nviewing a malicious site, a remote attacker could use this to crash the \nbrowser or run arbitrary code as the user invoking the program. \n([CVE-2010-2755](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2755>))\n\nThis update fixes the problem.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. This issue only affected \nUbuntu 8.04 LTS. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>)) \n \nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>)) \n \nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>)) \n \nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>)) \n \nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>)) \n \nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>)) \n \nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>))", "published": "2010-07-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-6/", "cvelist": ["CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-2755", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-08-09T19:12:42"}, {"id": "USN-930-3", "type": "ubuntu", "title": "Firefox regression", "description": "USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging \nproblem, the Firefox 3.6 update could not be installed when the firefox-2 \npackage was also installed. This update fixes the problem and updates \napturl for the change.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. This issue only affected \nUbuntu 8.04 LTS. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>)) \n \nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>)) \n \nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>)) \n \nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>)) \n \nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>)) \n \nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>)) \n \nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>))", "published": "2010-06-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-3/", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-08-09T19:13:59"}, {"id": "USN-930-1", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "If was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. This issue only affected \nUbuntu 8.04 LTS. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>))\n\nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>))\n\nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>))\n\nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>))\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>))\n\nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>))\n\nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>))\n\nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>))", "published": "2010-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-1/", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-08-09T19:14:08"}, {"id": "USN-930-4", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update \nprovides the corresponding updates for Ubuntu 9.04 and 9.10, along with \nadditional updates affecting Firefox 3.6.6.\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user \nwere tricked into viewing a malicious site, a remote attacker could use \nthis to crash the browser or possibly run arbitrary code as the user \ninvoking the program. ([CVE-2010-1208](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1208>), [CVE-2010-1209](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1209>), [CVE-2010-1211](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1211>), \n[CVE-2010-1212](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1212>))\n\nAn integer overflow was discovered in how Firefox processed plugin \nparameters. An attacker could exploit this to crash the browser or possibly \nrun arbitrary code as the user invoking the program. ([CVE-2010-1214](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1214>))\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were \ntricked into viewing a malicious site, a remote attacker code execute \narbitrary JavaScript with chrome privileges. ([CVE-2010-1215](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1215>))\n\nAn integer overflow was discovered in how Firefox processed CSS values. An \nattacker could exploit this to crash the browser or possibly run arbitrary \ncode as the user invoking the program. ([CVE-2010-2752](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2752>))\n\nAn integer overflow was discovered in how Firefox interpreted the XUL \n<tree> element. If a user were tricked into viewing a malicious site, a \nremote attacker could use this to crash the browser or possibly run \narbitrary code as the user invoking the program. ([CVE-2010-2753](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2753>))\n\nAki Helin discovered that libpng did not properly handle certain malformed \nPNG images. If a user were tricked into opening a crafted PNG file, an \nattacker could cause a denial of service or possibly execute arbitrary code \nwith the privileges of the user invoking the program. ([CVE-2010-1205](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1205>))\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin \ncheck in Firefox could be bypassed by utilizing the importScripts Web \nWorker method. If a user were tricked into viewing a malicious website, an \nattacker could exploit this to read data from other domains. \n([CVE-2010-1213](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1213>), [CVE-2010-1207](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1207>))\n\nO. Andersen that Firefox did not properly map undefined positions within \ncertain 8 bit encodings. An attacker could utilize this to perform \ncross-site scripting attacks. ([CVE-2010-1210](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1210>))\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no \ncontent) code. An attacker could exploit this to spoof the location bar, \nsuch as in a phishing attack. ([CVE-2010-1206](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1206>))\n\nJordi Chancel discovered that Firefox did not properly handle when a server \nresponds to an HTTPS request with plaintext and then processes JavaScript \nhistory events. An attacker could exploit this to spoof the location bar, \nsuch as in a phishing attack. ([CVE-2010-2751](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2751>))\n\nChris Evans discovered that Firefox did not properly process improper CSS \nselectors. If a user were tricked into viewing a malicious website, an \nattacker could exploit this to read data from other domains. \n([CVE-2010-0654](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-0654>))\n\nSoroush Dalili discovered that Firefox did not properly handle script error \noutput. An attacker could use this to access URL parameters from other \ndomains. ([CVE-2010-2754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2754>))\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>)) \n \nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>)) \n \nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>)) \n \nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>)) \n \nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>)) \n \nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>)) \n \nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>))", "published": "2010-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-4/", "cvelist": ["CVE-2010-0654", "CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-1121", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2752"], "lastseen": "2017-08-09T19:13:48"}, {"id": "USN-930-5", "type": "ubuntu", "title": "ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update", "description": "USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and \n9.10. This update provides updated packages for use with Firefox 3.6 and \nXulrunner 1.9.2.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. This issue only affected \nUbuntu 8.04 LTS. ([CVE-2010-1121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1121>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a \nuser were tricked into viewing a malicious site, a remote attacker could \ncause a denial of service or possibly execute arbitrary code with the \nprivileges of the user invoking the program. ([CVE-2010-1200](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1200>), [CVE-2010-1201](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1201>), \n[CVE-2010-1202](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1202>), [CVE-2010-1203](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1203>)) \n \nA flaw was discovered in the way plugin instances interacted. An attacker \ncould potentially exploit this and use one plugin to access freed memory from a \nsecond plugin to execute arbitrary code with the privileges of the user \ninvoking the program. ([CVE-2010-1198](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1198>)) \n \nAn integer overflow was discovered in Firefox. If a user were tricked into \nviewing a malicious site, an attacker could overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1196](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1196>)) \n \nMartin Barbella discovered an integer overflow in an XSLT node sorting \nroutine. An attacker could exploit this to overflow a buffer and cause a \ndenial of service or possibly execute arbitrary code with the privileges of \nthe user invoking the program. ([CVE-2010-1199](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1199>)) \n \nMichal Zalewski discovered that the focus behavior of Firefox could be \nsubverted. If a user were tricked into viewing a malicious site, a remote \nattacker could use this to capture keystrokes. ([CVE-2010-1125](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1125>)) \n \nIlja van Sprundel discovered that the 'Content-Disposition: attachment' \nHTTP header was ignored when 'Content-Type: multipart' was also present. \nUnder certain circumstances, this could potentially lead to cross-site \nscripting attacks. ([CVE-2010-1197](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1197>)) \n \nAmit Klein discovered that Firefox did not seed its random number generator \noften enough. An attacker could exploit this to identify and track users \nacross different web sites. ([CVE-2008-5913](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2008-5913>)) \n \nSeveral flaws were discovered in the browser engine of Firefox. If a user \nwere tricked into viewing a malicious site, a remote attacker could use \nthis to crash the browser or possibly run arbitrary code as the user \ninvoking the program. ([CVE-2010-1208](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1208>), [CVE-2010-1209](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1209>), [CVE-2010-1211](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1211>), \n[CVE-2010-1212](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1212>)) \n \nAn integer overflow was discovered in how Firefox processed plugin \nparameters. An attacker could exploit this to crash the browser or possibly \nrun arbitrary code as the user invoking the program. ([CVE-2010-1214](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1214>)) \n \nA flaw was discovered in the Firefox JavaScript engine. If a user were \ntricked into viewing a malicious site, a remote attacker code execute \narbitrary JavaScript with chrome privileges. ([CVE-2010-1215](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1215>)) \n \nAn integer overflow was discovered in how Firefox processed CSS values. An \nattacker could exploit this to crash the browser or possibly run arbitrary \ncode as the user invoking the program. ([CVE-2010-2752](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2752>)) \n \nAn integer overflow was discovered in how Firefox interpreted the XUL \n<tree> element. If a user were tricked into viewing a malicious site, a \nremote attacker could use this to crash the browser or possibly run \narbitrary code as the user invoking the program. ([CVE-2010-2753](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2753>)) \n \nAki Helin discovered that libpng did not properly handle certain malformed \nPNG images. If a user were tricked into opening a crafted PNG file, an \nattacker could cause a denial of service or possibly execute arbitrary code \nwith the privileges of the user invoking the program. ([CVE-2010-1205](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1205>)) \n \nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin \ncheck in Firefox could be bypassed by utilizing the importScripts Web \nWorker method. If a user were tricked into viewing a malicious website, an \nattacker could exploit this to read data from other domains. \n([CVE-2010-1213](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1213>), [CVE-2010-1207](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1207>)) \n \nO. Andersen that Firefox did not properly map undefined positions within \ncertain 8 bit encodings. An attacker could utilize this to perform \ncross-site scripting attacks. ([CVE-2010-1210](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1210>)) \n \nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no \ncontent) code. An attacker could exploit this to spoof the location bar, \nsuch as in a phishing attack. ([CVE-2010-1206](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-1206>)) \n \nJordi Chancel discovered that Firefox did not properly handle when a server \nresponds to an HTTPS request with plaintext and then processes JavaScript \nhistory events. An attacker could exploit this to spoof the location bar, \nsuch as in a phishing attack. ([CVE-2010-2751](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2751>)) \n \nChris Evans discovered that Firefox did not properly process improper CSS \nselectors. If a user were tricked into viewing a malicious website, an \nattacker could exploit this to read data from other domains. \n([CVE-2010-0654](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-0654>)) \n \nSoroush Dalili discovered that Firefox did not properly handle script error \noutput. An attacker could use this to access URL parameters from other \ndomains. ([CVE-2010-2754](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-2754>))", "published": "2010-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-930-5/", "cvelist": ["CVE-2010-0654", "CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-1121", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2752"], "lastseen": "2017-08-09T19:11:43"}], "oraclelinux": [{"id": "ELSA-2010-0500", "type": "oraclelinux", "title": "firefox security, bug fix, and enhancement update", "description": "[3.6.4-8.0.1.el4]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.4-8.el4]\n- Update to 3.6.4 build 7\n- Disable checking for updates since they can't be applied\n[3.6.4-7.el4]\n- Update to 3.6.4 build 6\n[3.6.4-6.el4]\n- Update to 3.6.4 build 5\n[3.6.4-5.el4]\n- Update to 3.6.4 build 4\n[3.6.4-3.el4]\n- Update to 3.6.4 build 3\n[3.6.4-2.el4]\n- Update to 3.6.4 build 2\n[3.6.4-1.el4]\n- Update to 3.6.4\n[3.6.3-2.el4]\n- s390(x) build fix\n[3.6.3-1.el4]\n- Rebase to 3.6.3 ", "published": "2010-06-23T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0500.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-04T11:15:59"}, {"id": "ELSA-2010-0501", "type": "oraclelinux", "title": "firefox security, bug fix, and enhancement update", "description": "devhelp:\n[0.12-21]\n- Rebuild against xulrunner\nesc:\n[1.1.0-12]\n- Rebuild for xulrunner update\nfirefox:\n[3.6.4-8.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.4-8]\n- Fixing NVR\n[3.6.4-7]\n- Update to 3.6.4 build7\n- Disable checking for updates since they can't be applied\n[3.6.4-6]\n- Update to 3.6.4 build6\n[3.6.4-5]\n- Update to 3.6.4 build5\n[3.6.4-4]\n- Update to 3.6.4 build4\n[3.6.4-3]\n- Update to 3.6.4 build 3\n[3.6.4-2]\n- Update to 3.6.4 build 2\n[3.6.4-1]\n- Update to 3.6.4\n[3.6.3-3]\n- Fixed language packs (#581392)\n[3.6.3-2]\n- Fixed multilib conflict\n[3.6.3-1]\n- Rebase to 3.6.3\ngnome-python2-extras:\n[2.14.2-7]\n- rebuild agains xulrunner\ntotem:\n[2.16.7-7]\n- rebuild against new xulrunner\nxulrunner:\n[1.9.2.4-9.0.1]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.4-9]\n- Update to 1.9.2.4 build 7\n[1.9.2.4-8]\n- Update to 1.9.2.4 build 6\n[1.9.2.4-7]\n- Update to 1.9.2.4 build 5\n[1.9.2.4-6]\n- Update to 1.9.2.4 build 4\n- Fixed mozbz#546270 patch\n[1.9.2.4-5]\n- Update to 1.9.2.4 build 3\n[1.9.2.4-4]\n- Update to 1.9.2.4 build 2\n- Enabled oopp\n[1.9.2.4-3]\n- Disabled libnotify\n[1.9.2.4-2]\n- Disabled oopp, causes TEXTREL\n[1.9.2.4-1]\n- Update to 1.9.2.4\n[1.9.2.3-3]\n- fixed js-config.h multilib conflict\n- fixed file list\n[1.9.2.3-2]\n- Added fix for rhbz#555760 - Firefox Javascript anomily, \n landscape print orientation reverts to portrait (mozbz#546270)\n[1.9.2.3-1]\n- Update to 1.9.2.3\n[1.9.2.2-1]\n- Rebase to 1.9.2.2\nyelp:\n[2.16.0-26]\n- rebuild against xulrunner\n[2.16.0-25]\n- rebuild against xulrunner\n- added xulrunner fix\n- added -fno-strict-aliasing to build flags", "published": "2010-06-23T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0501.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-04T11:16:09"}, {"id": "ELSA-2010-0499", "type": "oraclelinux", "title": "seamonkey security update", "description": "[1.0.9-58.0.1.el4_8]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-58.el4]\n- Added fix for mozbz#555109\n[1.0.9-57.el4]\n- Added fixes from 1.9.1.10\n[1.0.9-55.el4]\n- Added fix for mozbz#537356 ", "published": "2010-06-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0499.html", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-0163", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-04T11:17:02"}, {"id": "ELSA-2010-0544", "type": "oraclelinux", "title": "thunderbird security update", "description": "[1.5.0.12-28.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-28]\n- Added fixes from 1.9.1.11\n[1.5.0.12-26]\n- Added patches from 1.9.1.10 ", "published": "2010-07-21T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0544.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2016-09-04T11:16:58"}], "suse": [{"id": "SUSE-SA:2010:030", "type": "suse", "title": "remote code execution in MozillaFirefox,mozilla-xulrunner191", "description": "Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-07-09T14:53:59", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-04T11:29:42"}, {"id": "OPENSUSE-SU-2014:1100-1", "type": "suse", "title": "Firefox update to 31.1esr (important)", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "published": "2014-09-09T18:04:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "lastseen": "2016-09-04T12:21:58"}], "freebsd": [{"id": "99858B7C-7ECE-11DF-A007-000F20797EDE", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nMozilla Project reports:\n\nMFSA 2010-33 User tracking across sites using Math.random()\nMFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present\nMFSA 2010-31 focus() behavior can be used to inject or steal keystrokes\nMFSA 2010-30 Integer Overflow in XSLT Node Sorting\nMFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal\nMFSA 2010-28 Freed object reuse across plugin instances\nMFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()\nMFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)\nMFSA 2010-25 Re-use of freed object due to scope confusion\n\n", "published": "2010-06-22T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/99858b7c-7ece-11df-a007-000f20797ede.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-26T17:24:48"}, {"id": "EC8F449F-40ED-11DF-9EDC-000F20797EDE", "type": "freebsd", "title": "firefox -- Re-use of freed object due to scope confusion", "description": "\nMozilla Project reports:\n\nMFSA 2009-25 Re-use of freed object due to scope confusion\n\n", "published": "2010-04-01T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/ec8f449f-40ed-11df-9edc-000f20797ede.html", "cvelist": ["CVE-2010-1121"], "lastseen": "2016-09-26T17:24:49"}], "centos": [{"id": "CESA-2010:0501", "type": "centos", "title": "devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0501\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\nthe requirements of Firefox 3.6.4, this erratum also provides a number of\nother updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016745.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/016746.html\n\n**Affected packages:**\ndevhelp\ndevhelp-devel\nesc\nfirefox\ngnome-python2-extras\ngnome-python2-gtkhtml2\ngnome-python2-gtkmozembed\ngnome-python2-gtkspell\ngnome-python2-libegg\ntotem\ntotem-devel\ntotem-mozplugin\nxulrunner\nxulrunner-devel\nyelp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0501.html", "published": "2010-06-24T12:14:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-June/016746.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-10-03T18:24:41"}, {"id": "CESA-2010:0500", "type": "centos", "title": "firefox security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0500\n\n\nMozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as\nsuch, contains multiple bug fixes and numerous enhancements. Space\nprecludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016876.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016877.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0500.html", "published": "2010-08-06T19:15:15", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016876.html", "cvelist": ["CVE-2010-1203", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1121", "CVE-2010-1196", "CVE-2009-5017", "CVE-2010-0182", "CVE-2008-5913", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-10-03T18:24:57"}, {"id": "CESA-2010:0499", "type": "centos", "title": "seamonkey security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0499\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially-crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016912.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016913.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016789.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016790.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0499.html", "published": "2010-07-21T15:15:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016789.html", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-0163", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2017-10-03T18:24:26"}, {"id": "CESA-2010:0545", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0545\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016819.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016820.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "published": "2010-07-22T10:50:56", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016819.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2017-10-03T18:24:49"}, {"id": "CESA-2010:0544", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0544\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016886.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016887.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0544.html", "published": "2010-08-06T19:32:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016886.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2017-10-03T18:25:05"}], "redhat": [{"id": "RHSA-2010:0500", "type": "redhat", "title": "(RHSA-2010:0500) Critical: firefox security, bug fix, and enhancement update", "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as\nsuch, contains multiple bug fixes and numerous enhancements. Space\nprecludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n", "published": "2010-06-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0500", "cvelist": ["CVE-2008-5913", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1202", "CVE-2010-1203"], "lastseen": "2017-09-09T07:19:31"}, {"id": "RHSA-2010:0501", "type": "redhat", "title": "(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update", "description": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. (CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to\nthe requirements of Firefox 3.6.4, this erratum also provides a number of\nother updated packages, including esc, totem, and yelp.\n\nThis erratum also contains multiple bug fixes and numerous enhancements.\nSpace precludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.\n", "published": "2010-06-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0501", "cvelist": ["CVE-2008-5913", "CVE-2009-5017", "CVE-2010-0182", "CVE-2010-1121", "CVE-2010-1125", "CVE-2010-1196", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1202", "CVE-2010-1203"], "lastseen": "2017-09-09T07:19:14"}, {"id": "RHSA-2010:0499", "type": "redhat", "title": "(RHSA-2010:0499) Critical: seamonkey security update", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1200)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1198)\n\nAn integer overflow flaw was found in the processing of malformed web\ncontent. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-1199)\n\nA flaw was found in the way SeaMonkey processed mail attachments. A\nspecially-crafted mail message could cause SeaMonkey to crash.\n(CVE-2010-0163)\n\nA flaw was found in the way SeaMonkey handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "published": "2010-06-22T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0499", "cvelist": ["CVE-2010-0163", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200"], "lastseen": "2017-09-09T07:19:49"}, {"id": "RHSA-2010:0544", "type": "redhat", "title": "(RHSA-2010:0544) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0544", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-09-09T07:19:47"}, {"id": "RHSA-2010:0545", "type": "redhat", "title": "(RHSA-2010:0545) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0545", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-09-09T07:20:39"}], "gentoo": [{"id": "GLSA-201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "published": "2013-01-08T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201301-01", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "lastseen": "2016-09-06T19:46:13"}], "debian": [{"id": "DSA-2064", "type": "debian", "title": "xulrunner -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-0183](<https://security-tracker.debian.org/tracker/CVE-2010-0183>)\n\n\"wushi\" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code.\n\n * [CVE-2010-1196](<https://security-tracker.debian.org/tracker/CVE-2010-1196>)\n\n\"Nils\" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code.\n\n * [CVE-2010-1197](<https://security-tracker.debian.org/tracker/CVE-2010-1197>)\n\nIlja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting.\n\n * [CVE-2010-1198](<https://security-tracker.debian.org/tracker/CVE-2010-1198>)\n\nMicrosoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code.\n\n * [CVE-2010-1199](<https://security-tracker.debian.org/tracker/CVE-2010-1199>)\n\nMartin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code.\n\n * [CVE-2010-1200](<https://security-tracker.debian.org/tracker/CVE-2010-1200>)\n\nOlli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n * [CVE-2010-1201](<https://security-tracker.debian.org/tracker/CVE-2010-1201>)\n\n\"boardraider\" and \"stedenon\" discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n * [CVE-2010-1202](<https://security-tracker.debian.org/tracker/CVE-2010-1202>)\n\nBob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.9.1.10-1 \n\nFor the experimental distribution, these problems have been fixed in version 1.9.2.4-1.\n\nWe recommend that you upgrade your xulrunner packages.", "published": "2010-06-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2064", "cvelist": ["CVE-2010-1200", "CVE-2010-1197", "CVE-2010-1196", "CVE-2010-1201", "CVE-2010-0183", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1198"], "lastseen": "2016-09-02T18:30:28"}], "zdi": [{"id": "ZDI-10-063", "type": "zdi", "title": "Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.\n\nThe specific flaw exists when moving DOM nodes in between documents with a specific timing while triggering garbage collection. If timed correctly Firefox will incorrectly reference a previously freed object which can be leveraged by an attacker to execute arbitrary code under the context of the current user.", "published": "2010-04-05T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-063", "cvelist": ["CVE-2010-1121"], "lastseen": "2016-11-09T00:17:49"}, {"id": "ZDI-10-113", "type": "zdi", "title": "Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file.\n\nThe specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. Upon usage of this buffer the application will copy more data than allocated thus causing an overflow. This can lead to code execution under the context of the application.", "published": "2010-06-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-113", "cvelist": ["CVE-2010-1199"], "lastseen": "2016-11-09T00:18:00"}], "packetstorm": [{"id": "PACKETSTORM:93712", "type": "packetstorm", "title": "Month Of Abysssec Undisclosed Bugs - Firefox XSLT Sort Code Execution", "description": "", "published": "2010-09-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/93712/Month-Of-Abysssec-Undisclosed-Bugs-Firefox-XSLT-Sort-Code-Execution.html", "cvelist": ["CVE-2010-1199"], "lastseen": "2016-12-05T22:22:41"}], "exploitdb": [{"id": "EDB-ID:14949", "type": "exploitdb", "title": "Mozilla Firefox - XSLT Sort Remote Code Execution Vulnerability", "description": "MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability. Dos exploit for windows platform", "published": "2010-09-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/14949/", "cvelist": ["CVE-2010-1199"], "lastseen": "2016-02-01T20:51:13"}, {"id": "EDB-ID:34192", "type": "exploitdb", "title": "Mozilla Firefox/Thunderbird/SeaMonkey - XSLT Integer Overflow Vulnerability", "description": "Mozilla Firefox/Thunderbird/SeaMonkey XSLT Integer Overflow Vulnerability. CVE-2010-1199. Remote exploit for linux platform", "published": "2010-06-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/34192/", "cvelist": ["CVE-2010-1199"], "lastseen": "2016-02-03T20:41:02"}]}}