Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
2010-09-13T00:00:00
ID ZDI-10-173 Type zdi Reporter regenrecht Modified 2010-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the fix implemented for CVE-2010-2753 in the nsTreeSelection interface. In a certain condition, the application still can be made to free a reference and then made to use said freed reference. This can lead to code execution under the context of the application.
{"hash": "48581b87e4f35814bc974b34c969605bdfd7826bcef584bd4d24911e22509008", "edition": 2, "title": "Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the fix implemented for CVE-2010-2753 in the nsTreeSelection interface. In a certain condition, the application still can be made to free a reference and then made to use said freed reference. This can lead to code execution under the context of the application.", "viewCount": 0, "objectVersion": "1.2", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "4dcdee95a72e3c99a0d035602914bea5", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "25710115c0401918eebd35ba2fdef31f", "key": "description"}, {"hash": "5a30f28b0b079f7e3f7dca44c7e3028b", "key": "href"}, {"hash": "b210634c8afc62fbf98ebd2272eb0583", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "3248c1d4f8dd65b887e0c98ec5ccb2e9", "key": "published"}, {"hash": "4a2cba3614b16b415817f3ac9edab3a9", "key": "references"}, {"hash": "23185900299cc7a7e24adbdf3463e077", "key": "reporter"}, {"hash": "889e349b04fbc6f5993b67d0fc6040d1", "key": "title"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}], "cvelist": ["CVE-2010-2753", "CVE-2010-2760"], "bulletinFamily": "info", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-173", "history": [{"bulletin": {"hash": "a13c8df1b07aa521368354afaa8df49adbf7b5d8ed5709ba0f48e28ecac79f3b", "id": "ZDI-10-173", "title": "Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the fix implemented for CVE-2010-2753 in the nsTreeSelection interface. In a certain condition, the application still can be made to free a reference and then made to use said freed reference. This can lead to code execution under the context of the application.", "viewCount": 0, "objectVersion": "1.2", "hashmap": [{"hash": "3248c1d4f8dd65b887e0c98ec5ccb2e9", "key": "published"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d34edbff14a773d3bd1d3af2579872d7", "key": "cvelist"}, {"hash": "bac40eb51580541713b17ae268399944", "key": "modified"}, {"hash": "3dd086b59554fe33c1b8f051475b4b31", "key": "type"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "5a30f28b0b079f7e3f7dca44c7e3028b", "key": "href"}, {"hash": "889e349b04fbc6f5993b67d0fc6040d1", "key": "title"}, {"hash": "25710115c0401918eebd35ba2fdef31f", "key": "description"}, {"hash": "23185900299cc7a7e24adbdf3463e077", "key": "reporter"}, {"hash": "4a2cba3614b16b415817f3ac9edab3a9", "key": "references"}], "cvelist": ["CVE-2010-2760"], "bulletinFamily": "info", "published": "2010-09-13T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-54.html"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 1, "reporter": "regenrecht", "lastseen": "2016-09-04T11:33:55", "history": [], "modified": "2010-09-04T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-173", "type": "zdi"}, "lastseen": "2016-09-04T11:33:55", "edition": 1, "differentElements": ["cvelist", "modified"]}], "id": "ZDI-10-173", "reporter": "regenrecht", "published": "2010-09-13T00:00:00", "references": ["http://www.mozilla.org/security/announce/2010/mfsa2010-54.html"], "lastseen": "2016-11-09T00:17:57", "modified": "2010-11-09T00:00:00", "enchantments": {"vulnersScore": 9.3}, "type": "zdi"}
{"result": {"cve": [{"id": "CVE-2010-2753", "type": "cve", "title": "CVE-2010-2753", "description": "Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.", "published": "2010-07-30T16:30:02", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2753", "cvelist": ["CVE-2010-2753"], "lastseen": "2017-09-19T13:37:01"}, {"id": "CVE-2010-2760", "type": "cve", "title": "CVE-2010-2760", "description": "Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.", "published": "2010-09-09T15:00:02", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2760", "cvelist": ["CVE-2010-2760"], "lastseen": "2017-09-19T13:37:01"}], "mozilla": [{"id": "MFSA2010-54", "type": "mozilla", "title": "Dangling pointer vulnerability in nsTreeSelection", "description": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "published": "2010-09-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2010-54/", "cvelist": ["CVE-2010-2753"], "lastseen": "2016-09-05T13:37:52"}], "zdi": [{"id": "ZDI-10-131", "type": "zdi", "title": "Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the implementation of XUL <tree> element's \"selection\" attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.", "published": "2010-07-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-10-131", "cvelist": ["CVE-2010-2753"], "lastseen": "2016-11-09T00:17:51"}], "threatpost": [{"id": "MOZILLA-PATCHES-FIREFOX-DLL-LOAD-HIJACKING-BUG-090810/74439", "type": "threatpost", "title": "Mozilla Patches Firefox DLL Load Hijacking Bug", "description": "Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications.\n\nThe open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL load hijacking flaw that exposes Windows users to remote code execution attacks.\n\n### Related Posts\n\n#### [Browser Address Bar Spoofing Vulnerability Disclosed](<https://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/119951/> \"Permalink to Browser Address Bar Spoofing Vulnerability Disclosed\" )\n\nAugust 17, 2016 , 12:54 pm\n\n#### [Firefox to Block Flash in August, Disable in 2017](<https://threatpost.com/firefox-to-block-flash-in-august-disable-in-2017/119419/> \"Permalink to Firefox to Block Flash in August, Disable in 2017\" )\n\nJuly 21, 2016 , 4:35 pm\n\n#### [Selfrando Technique Mitigates Attacks Unmasking Tor Users](<https://threatpost.com/selfrando-technique-mitigates-attacks-unmasking-tor-users/118909/> \"Permalink to Selfrando Technique Mitigates Attacks Unmasking Tor Users\" )\n\nJune 24, 2016 , 12:00 pm\n\nThe majority of the 15 vulnerabilities in this Firefox patch batch could be exploited to launch drive-by download attacks from booby-trapped Web sites. \n\nAccording to Firefox, the DLL load hijacking issue only affects Windows XP users:\n\nFirefox could be used to load a malicious code library that had been planted on a victim\u2019s computer.\n\n_Firefox attempts to load dwmapi.dll upon startup as part of its platform detection, so on systems that don\u2019t have this library, such as Windows XP, Firefox will subsequently attempt to load the library from the current working directory. An attacker could use this vulnerability to trick a user into downloading a HTML file and a malicious copy of dwmapi.dll into the same directory on their computer and opening the HTML file with Firefox, thus causing the malicious code to be executed. If the attacker was on the same network as the victim, the malicious DLL could also be loaded via a UNC path. The attack also requires that Firefox not currently be running when it is asked to open the HTML file and accompanying DLL._\n\nFirefox 3.6.9 also fixes the following \u201ccritical\u201d security problems issues:\n\n * **MFSA 2010-59**: Mozilla developer Blake Kaplan reported that the wrapper class XPCSafeJSObjectWrapper (SJOW), a security wrapper that allows content-defined objects to be safely accessed by privileged code, creates scope chains ending in outer objects. Users of SJOWs which expect the scope chain to end on an inner object may be handed a chrome privileged object which could be leveraged to run arbitrary JavaScript with chrome privileges. Mozilla said Google researcher Michal Zalewski\u2019s recent contributions helped to identify this architectural weakness.\n * **MFSA 2010-58: **Security researcher Marc Schoenefeld reported that a specially crafted font could be applied to a document and cause a crash on Mac systems. The crash showed signs of memory corruption and presumably could be used by an attacker to execute arbitrary code on a victim\u2019s computer.\n * **MFSA 2010-57:** Security researcher regenrecht reported via TippingPoint\u2019s Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document\u2019s child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory.\n * **MFSA 2010-56: **Security researcher regenrecht reported via TippingPoint\u2019s Zero Day Initiative that the implementation of XUL \u2019s content view contains a dangling pointer vulnerability. One of the content view\u2019s methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim\u2019s machine.\n * **MFSA 2010-54:** Security researcher regenrecht reported via TippingPoint\u2019s Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory.\n * **MFSA 2010-53:** Security researcher wushi of team509 reported a heap buffer overflow in code routines responsible for transforming text runs. A page could be constructed with a bidirectional text run which upon reflow could result in an incorrect length being calculated for the run of text. When this value is subsequently used to allocate memory for the text too small a buffer may be created potentially resulting in a buffer overflow and the execution of attacker controlled memory.\n * **MFSA 2010-51: **Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim\u2019s computer.\n * **MFSA 2010-50:** Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory.\n * **MFSA 2010-49:** Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.\n\nMozilla Firefox 3.6.9 is available for Windows, Mac and Linux users via the browser\u2019s auto-update mechanism.", "published": "2010-09-08T14:01:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/mozilla-patches-firefox-dll-load-hijacking-bug-090810/74439/", "cvelist": ["CVE-2010-2753"], "lastseen": "2016-09-04T20:50:23"}], "nessus": [{"id": "MANDRIVA_MDVSA-2010-169.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:169)", "description": "Multiple vulnerabilities has been found and corrected in mozilla-thunderbird :\n\ndom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler (CVE-2010-2754).\n\nMozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document (CVE-2010-0654).\n\nThe importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document (CVE-2010-1213).\n\nInteger overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element (CVE-2010-2753).\n\nInteger overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array (CVE-2010-2752).\n\nMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1211).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nAdditionally, some packages which require so, have been rebuilt and are being provided as updates.", "published": "2010-09-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49099", "cvelist": ["CVE-2010-0654", "CVE-2010-1213", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-10-29T13:38:09"}, {"id": "SL_20100720_SEAMONKEY_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64", "description": "Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)\n\nA memory corruption flaw was found in the way SeaMonkey decoded certain PNG images. An attacker could create a specially crafted PNG image that, when opened, could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-1205)\n\nA same-origin policy bypass flaw was found in SeaMonkey. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with SeaMonkey. (CVE-2010-2754)\n\nA flaw was found in the way SeaMonkey displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751)\n\nSeaMonkey must be restarted for the changes to take effect.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60820", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2017-10-29T13:37:58"}, {"id": "UBUNTU_USN-958-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1)", "description": "Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program.\n(CVE-2010-2752)\n\nAn integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-1213)\n\nChris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47857", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1212", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2760", "CVE-2010-2752"], "lastseen": "2017-10-29T13:40:06"}, {"id": "SUSE_11_2_MOZILLATHUNDERBIRD-100721.NASL", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)", "description": "This update brings Mozilla Thunderbird to the 3.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "published": "2010-07-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47868", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-29T13:44:26"}, {"id": "MOZILLA_THUNDERBIRD_306.NASL", "type": "nessus", "title": "Mozilla Thunderbird < 3.0.6 Multiple Vulnerabilities", "description": "The installed version of Thunderbird is earlier than 3.0.6. Such versions are potentially affected by the following security issues :\n\n - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34)\n\n - The array class used to store CSS values is affected by an integer overflow vulnerability. (MFSA 2010-39)\n\n - An integer overflow vulnerability exists in the 'selection' attribute of XUL <tree> element.\n (MFSA 2010-40)\n\n - A buffer overflow vulnerability in Mozilla graphics code could lead to arbitrary code execution.\n (MFSA 2010-41)\n\n - It is possible to read and parse resources from other domains even when the content is not valid JavaScript leading to cross-domain data disclosure. (MFSA 2010-42)\n\n - It is possible to read data across domains by injecting bogus CSS selectors into a target site.\n (MFSA 2010-46)\n\n - Potentially sensitive URL parameters could be leaked across domains via script errors. (MFSA 2010-47)", "published": "2010-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47783", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1212", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-29T13:44:38"}, {"id": "DEBIAN_DSA-2075.NASL", "type": "nessus", "title": "Debian DSA-2075-1 : xulrunner - several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced.\n\n - CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries.\n\n - CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code.\n\n - CVE-2010-1208 'regenrecht' discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code.\n\n - CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n - CVE-2010-1214 'JS3' discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code.\n\n - CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page.\n\n - CVE-2010-2753 'regenrecht' discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code.\n\n - CVE-2010-2754 Soroush Dalili discovered an information leak in script processing.", "published": "2010-07-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47889", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0182", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-2754"], "lastseen": "2017-10-29T13:37:33"}, {"id": "SUSE_11_3_MOZILLATHUNDERBIRD-100721.NASL", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)", "description": "This update brings Mozilla Thunderbird to the 3.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "published": "2014-06-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75658", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-29T13:44:42"}, {"id": "SUSE_11_3_SEAMONKEY-100721.NASL", "type": "nessus", "title": "openSUSE Security Update : seamonkey (openSUSE-SU-2010:0430-1)", "description": "This update brings Mozilla SeaMonkey to the 2.0.6 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "published": "2014-06-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75731", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-29T13:42:52"}, {"id": "UBUNTU_USN-978-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-978-1)", "description": "Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program.\n(CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)\n\nIt was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763)\n\nMatt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)\n\nChris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program.\n(CVE-2010-2765)\n\nSeveral issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)\n\nDavid Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks.\n(CVE-2010-2768)\n\nPaul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)\n\nA buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)\n\nPeter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-09-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49170", "cvelist": ["CVE-2010-2766", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2017-10-29T13:39:40"}, {"id": "SUSE_11_1_MOZILLAFIREFOX-100722.NASL", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)", "description": "This update brings Mozilla Firefox to the 3.5.11 security release.\n\nIt fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:\nMozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.\n\nMFSA 2010-35 / CVE-2010-1208: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in the DOM attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. This reference could subsequently be accessed, potentially causing the execution of attacker controlled memory.\n\nMFSA 2010-36 / CVE-2010-1209: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.\n\nMFSA 2010-37 / CVE-2010-1214: Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.\n\nMFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.\n\nMFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.\n\nMFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.\n\nMFSA 2010-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.\n\nMFSA 2010-45 / CVE-2010-1206: Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.\nIn either case a user could be mislead as to the correct location of the document they are currently viewing.\n\nMFSA 2010-45 / CVE-2010-2751: Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server by first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request made to the original plaintext resource which is responded to not with a redirect but with JavaScript containing history.back() and history.forward() will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. References\n\nMFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.\n\nMFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.", "published": "2010-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47906", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-29T13:41:17"}], "openvas": [{"id": "OPENVAS:1361412562310831146", "type": "openvas", "title": "Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)", "description": "Check for the Version of mozilla-thunderbird", "published": "2010-09-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831146", "cvelist": ["CVE-2010-0654", "CVE-2010-1213", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2018-01-17T11:05:17"}, {"id": "OPENVAS:870294", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0546-01", "description": "Check for the Version of seamonkey", "published": "2010-07-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870294", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2017-12-14T11:48:38"}, {"id": "OPENVAS:831146", "type": "openvas", "title": "Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)", "description": "Check for the Version of mozilla-thunderbird", "published": "2010-09-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831146", "cvelist": ["CVE-2010-0654", "CVE-2010-1213", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-12-20T13:17:46"}, {"id": "OPENVAS:1361412562310870294", "type": "openvas", "title": "RedHat Update for seamonkey RHSA-2010:0546-01", "description": "Check for the Version of seamonkey", "published": "2010-07-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870294", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2018-01-02T10:54:23"}, {"id": "OPENVAS:1361412562310880410", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0546 centos3 i386", "description": "Check for the Version of seamonkey", "published": "2010-08-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880410", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2018-01-22T13:06:05"}, {"id": "OPENVAS:880410", "type": "openvas", "title": "CentOS Update for seamonkey CESA-2010:0546 centos3 i386", "description": "Check for the Version of seamonkey", "published": "2010-08-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880410", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2018-01-02T10:54:45"}, {"id": "OPENVAS:801385", "type": "openvas", "title": "Mozilla Products Multiple Vulnerabilities jul-10 (Windows)", "description": "The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are\n prone to multiple vulnerabilities.", "published": "2010-07-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=801385", "cvelist": ["CVE-2010-0654", "CVE-2010-1213", "CVE-2010-1212", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-07-12T10:50:19"}, {"id": "OPENVAS:136141256231067832", "type": "openvas", "title": "Debian Security Advisory DSA 2075-1 (xulrunner)", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.", "published": "2010-08-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067832", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0182", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-2754"], "lastseen": "2018-01-18T11:04:52"}, {"id": "OPENVAS:67832", "type": "openvas", "title": "Debian Security Advisory DSA 2075-1 (xulrunner)", "description": "The remote host is missing an update to xulrunner\nannounced via advisory DSA 2075-1.", "published": "2010-08-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67832", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0182", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-2754"], "lastseen": "2017-07-24T12:49:13"}, {"id": "OPENVAS:1361412562310840470", "type": "openvas", "title": "Ubuntu Update for thunderbird vulnerabilities USN-958-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-958-1", "published": "2010-07-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840470", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1212", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2018-01-06T13:04:59"}], "redhat": [{"id": "RHSA-2010:0546", "type": "redhat", "title": "(RHSA-2010:0546) Critical: seamonkey security update", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)\n\nA memory corruption flaw was found in the way SeaMonkey decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-1205)\n\nA same-origin policy bypass flaw was found in SeaMonkey. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with SeaMonkey.\n(CVE-2010-2754)\n\nA flaw was found in the way SeaMonkey displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0546", "cvelist": ["CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2751", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2018-05-27T21:43:30"}, {"id": "RHSA-2010:0544", "type": "redhat", "title": "(RHSA-2010:0544) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0544", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-09-09T07:19:47"}, {"id": "RHSA-2010:0545", "type": "redhat", "title": "(RHSA-2010:0545) Critical: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0545", "cvelist": ["CVE-2010-0174", "CVE-2010-0175", "CVE-2010-0176", "CVE-2010-0177", "CVE-2010-1197", "CVE-2010-1198", "CVE-2010-1199", "CVE-2010-1200", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-1214", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-09-09T07:20:39"}, {"id": "RHSA-2010:0547", "type": "redhat", "title": "(RHSA-2010:0547) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,\nCVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)\n\nA memory corruption flaw was found in the way Firefox decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-1205)\n\nSeveral same-origin policy bypass flaws were found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim has loaded with\nFirefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)\n\nA flaw was found in the way Firefox presented the location bar to a user. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-1206)\n\nA flaw was found in the way Firefox displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nA flaw was found in the way Firefox displayed certain malformed characters.\nA malicious web page could use this flaw to bypass certain string\nsanitization methods, allowing it to display malicious information to\nusers. (CVE-2010-1210)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.7. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.7, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "published": "2010-07-20T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0547", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1206", "CVE-2010-1207", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-1210", "CVE-2010-1211", "CVE-2010-1212", "CVE-2010-1213", "CVE-2010-1214", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-2752", "CVE-2010-2753", "CVE-2010-2754"], "lastseen": "2017-09-09T07:20:31"}, {"id": "RHSA-2010:0682", "type": "redhat", "title": "(RHSA-2010:0682) Moderate: thunderbird security update", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3169)\n\nA buffer overflow flaw was found in Thunderbird. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-2765)\n\nA use-after-free flaw and several dangling pointer flaws were found in\nThunderbird. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767,\nCVE-2010-3167, CVE-2010-3168)\n\nA cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML\ncontent could cause Thunderbird to execute JavaScript code with the\npermissions of different remote HTML content. (CVE-2010-2768)\n\nNote: JavaScript support is disabled by default in Thunderbird. None of the\nabove issues are exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n", "published": "2010-09-07T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0682", "cvelist": ["CVE-2010-2760", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"], "lastseen": "2017-09-09T07:20:21"}, {"id": "RHSA-2010:0680", "type": "redhat", "title": "(RHSA-2010:0680) Critical: seamonkey security update", "description": "SeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3169)\n\nA buffer overflow flaw was found in SeaMonkey. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially, execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2010-2765)\n\nA use-after-free flaw and several dangling pointer flaws were found in\nSeaMonkey. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167,\nCVE-2010-3168)\n\nA cross-site scripting (XSS) flaw was found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to run JavaScript code\nwith the permissions of a different website. (CVE-2010-2768)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n", "published": "2010-09-07T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0680", "cvelist": ["CVE-2010-2760", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"], "lastseen": "2018-05-27T21:42:42"}, {"id": "RHSA-2010:0681", "type": "redhat", "title": "(RHSA-2010:0681) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3169, CVE-2010-2762)\n\nSeveral use-after-free and dangling pointer flaws were found in Firefox. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167,\nCVE-2010-3168)\n\nMultiple buffer overflow flaws were found in Firefox. A web page containing\nmalicious content could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2010-2765, CVE-2010-3166)\n\nMultiple cross-site scripting (XSS) flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to run JavaScript code\nwith the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)\n\nA flaw was found in the Firefox XMLHttpRequest object. A remote site could\nuse this flaw to gather information about servers on an internal private\nnetwork. (CVE-2010-2764)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.9. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nNote: After installing this update, Firefox will fail to connect (with\nHTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key\nexchange if the server's ephemeral key is too small. Connecting to such\nservers is a security risk as an ephemeral key that is too small makes the\nSSL connection vulnerable to attack. Refer to the Solution section for\nfurther information.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n", "published": "2010-09-07T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0681", "cvelist": ["CVE-2010-2760", "CVE-2010-2762", "CVE-2010-2764", "CVE-2010-2765", "CVE-2010-2766", "CVE-2010-2767", "CVE-2010-2768", "CVE-2010-2769", "CVE-2010-3166", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-3169"], "lastseen": "2017-09-09T07:20:11"}], "oraclelinux": [{"id": "ELSA-2010-0546", "type": "oraclelinux", "title": "seamonkey security update", "description": "[1.0.9-60.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-60.el4]\n- Added fixes from 1.9.1.11\n[1.0.9-59.el4]\n- Added fix for mozbz#570451 ", "published": "2010-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0546.html", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2016-09-04T11:15:58"}, {"id": "ELSA-2010-0544", "type": "oraclelinux", "title": "thunderbird security update", "description": "[1.5.0.12-28.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n- Replaced clean.gif in tarball\n[1.5.0.12-28]\n- Added fixes from 1.9.1.11\n[1.5.0.12-26]\n- Added patches from 1.9.1.10 ", "published": "2010-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0544.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2016-09-04T11:16:58"}, {"id": "ELSA-2010-0547", "type": "oraclelinux", "title": "firefox security update", "description": "firefox:\n[3.6.7-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.7-2]\n- Update to 3.6.7 beta2\n[3.6.7-1]\n- Update to 3.6.7\n[3.6.4-9]\n- Fixed rhbz#531159 - default browser check\nxulrunner:\n[1.9.2.7-2.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.7-2]\n- Update to build 2\n[1.9.2.7-1]\n- Update to 1.9.2.7\n[1.9.2.4-10]\n- Fix a file dependency issue ", "published": "2010-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0547.html", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2016-09-04T11:16:03"}, {"id": "ELSA-2010-0680", "type": "oraclelinux", "title": "seamonkey security update", "description": "[1.0.9-63.0.1.el4]\n- Added mozilla-oracle-default-prefs.js and mozilla-oracle-default-bookmarks.html\n and emoved corresponding RedHat ones\n[1.0.9-63.el4]\n- Added fixes for mozbz#576447, #583225\n[1.0.9-62.el4]\n- Added fixes from 1.9.1.12 ", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0680.html", "cvelist": ["CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-04T11:16:45"}, {"id": "ELSA-2010-0682", "type": "oraclelinux", "title": "thunderbird security update", "description": "[1.5.0.12-30.0.1.el4]\n- Add thunderbird-oracle-default-prefs.js for errata rebuild and remove\n thunderbird-redhat-default-prefs.js\n Replaced clean.gif in tarball\n[1.5.0.12-30]\n- Added fixes for mozbz#576447, #583225\n[1.5.0.12-29]\n- Added fixes from 1.9.1.12 ", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0682.html", "cvelist": ["CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-04T11:15:56"}, {"id": "ELSA-2010-0681", "type": "oraclelinux", "title": "firefox security update", "description": "firefox:\n[3.6.9-2.0.1.el5]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat ones\n[3.6.9-2]\n- Fixed xulrunner version\n[3.6.9-1]\n- Update to 3.6.9\nnspr:\n[4.8.6-1]\n- update to 4.8.6\nnss:\n[3.12.7-2.0.1.el5_5]\n- Update clean.gif in the nss-3.12.7-stripped.tar.bz2 tarball\n[3.12.7-2]\n- fix dependencies, undo previous change\n[3.12.7-1]\n- Update to 3.12.7\nxulrunner:\n[1.9.2.9-1.0.1.el5]\n- Added xulrunner-oracle-default-prefs.js and removed the corresponding\n RedHat one.\n[1.9.2.9-1]\n- Update to 1.9.2.9 ", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0681.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-04T11:16:04"}], "centos": [{"id": "CESA-2010:0546", "type": "centos", "title": "seamonkey security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0546\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)\n\nA memory corruption flaw was found in the way SeaMonkey decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause SeaMonkey to crash or, potentially, execute arbitrary\ncode with the privileges of the user running SeaMonkey. (CVE-2010-1205)\n\nA same-origin policy bypass flaw was found in SeaMonkey. An attacker could\ncreate a malicious web page that, when viewed by a victim, could steal\nprivate data from a different website the victim has loaded with SeaMonkey.\n(CVE-2010-2754)\n\nA flaw was found in the way SeaMonkey displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016924.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016925.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0546.html", "published": "2010-08-16T17:36:58", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016924.html", "cvelist": ["CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2751", "CVE-2010-2754"], "lastseen": "2017-10-03T18:25:31"}, {"id": "CESA-2010:0545", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0545\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA memory corruption flaw was found in the way Thunderbird decoded certain\nPNG images. An attacker could create a mail message containing a\nspecially-crafted PNG image that, when opened, could cause Thunderbird to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1205)\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016819.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016820.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "published": "2010-07-22T10:50:56", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016819.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1205", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2017-10-03T18:24:49"}, {"id": "CESA-2010:0544", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0544\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,\nCVE-2010-1214, CVE-2010-2753)\n\nAn integer overflow flaw was found in the processing of malformed HTML mail\ncontent. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-1199)\n\nSeveral use-after-free flaws were found in Thunderbird. Viewing an HTML\nmail message containing malicious content could result in Thunderbird\nexecuting arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)\n\nA flaw was found in the way Thunderbird plug-ins interact. It was possible\nfor a plug-in to reference the freed memory from a different plug-in,\nresulting in the execution of arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-1198)\n\nA flaw was found in the way Thunderbird handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. Loading remote HTTP content that allows arbitrary uploads and\nrelies on the \"Content-Disposition: attachment\" HTTP header to prevent\ncontent from being displayed inline, could be used by an attacker to serve\nmalicious content to users. (CVE-2010-1197)\n\nA same-origin policy bypass flaw was found in Thunderbird. Remote HTML\ncontent could steal private data from different remote HTML content\nThunderbird has loaded. (CVE-2010-2754)\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016886.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016887.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0544.html", "published": "2010-08-06T19:32:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-August/016886.html", "cvelist": ["CVE-2010-0176", "CVE-2010-1214", "CVE-2010-0174", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-1197", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0177", "CVE-2010-1199", "CVE-2010-2754", "CVE-2010-1198"], "lastseen": "2017-10-03T18:25:05"}, {"id": "CESA-2010:0547", "type": "centos", "title": "firefox, xulrunner security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0547\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,\nCVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)\n\nA memory corruption flaw was found in the way Firefox decoded certain PNG\nimages. An attacker could create a specially-crafted PNG image that, when\nopened, could cause Firefox to crash or, potentially, execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2010-1205)\n\nSeveral same-origin policy bypass flaws were found in Firefox. An attacker\ncould create a malicious web page that, when viewed by a victim, could\nsteal private data from a different website the victim has loaded with\nFirefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)\n\nA flaw was found in the way Firefox presented the location bar to a user. A\nmalicious website could trick a user into thinking they are visiting the\nsite reported by the location bar, when the page is actually content\ncontrolled by an attacker. (CVE-2010-1206)\n\nA flaw was found in the way Firefox displayed the location bar when\nvisiting a secure web page. A malicious server could use this flaw to\npresent data that appears to originate from a secure server, even though it\ndoes not. (CVE-2010-2751)\n\nA flaw was found in the way Firefox displayed certain malformed characters.\nA malicious web page could use this flaw to bypass certain string\nsanitization methods, allowing it to display malicious information to\nusers. (CVE-2010-1210)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.7. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.7, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016878.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-August/016879.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016821.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-July/016822.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0547.html", "published": "2010-07-22T11:29:05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-July/016821.html", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2017-10-03T18:25:02"}, {"id": "CESA-2010:0680", "type": "centos", "title": "seamonkey security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0680\n\n\nSeaMonkey is an open source web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause SeaMonkey to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nSeaMonkey. (CVE-2010-3169)\n\nA buffer overflow flaw was found in SeaMonkey. A web page containing\nmalicious content could cause SeaMonkey to crash or, potentially, execute\narbitrary code with the privileges of the user running SeaMonkey.\n(CVE-2010-2765)\n\nA use-after-free flaw and several dangling pointer flaws were found in\nSeaMonkey. A web page containing malicious content could cause SeaMonkey to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167,\nCVE-2010-3168)\n\nA cross-site scripting (XSS) flaw was found in SeaMonkey. A web page\ncontaining malicious content could cause SeaMonkey to run JavaScript code\nwith the permissions of a different website. (CVE-2010-2768)\n\nAll SeaMonkey users should upgrade to these updated packages, which correct\nthese issues. After installing the update, SeaMonkey must be restarted for\nthe changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016962.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016963.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016970.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016971.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0680.html", "published": "2010-09-08T17:19:58", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/016962.html", "cvelist": ["CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2017-10-03T18:24:38"}, {"id": "CESA-2010:0682", "type": "centos", "title": "thunderbird security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0682\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nSeveral flaws were found in the processing of malformed HTML mail content.\nAn HTML mail message containing malicious content could cause Thunderbird\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2010-3169)\n\nA buffer overflow flaw was found in Thunderbird. An HTML mail message\ncontaining malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2010-2765)\n\nA use-after-free flaw and several dangling pointer flaws were found in\nThunderbird. An HTML mail message containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767,\nCVE-2010-3167, CVE-2010-3168)\n\nA cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML\ncontent could cause Thunderbird to execute JavaScript code with the\npermissions of different remote HTML content. (CVE-2010-2768)\n\nNote: JavaScript support is disabled by default in Thunderbird. None of the\nabove issues are exploitable unless JavaScript is enabled.\n\nAll Thunderbird users should upgrade to this updated package, which\nresolves these issues. All running instances of Thunderbird must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016972.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016973.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016992.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016993.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0682.html", "published": "2010-09-08T18:58:38", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/016972.html", "cvelist": ["CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2017-10-03T18:24:50"}, {"id": "CESA-2010:0681", "type": "centos", "title": "firefox, nspr, nss, xulrunner security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0681\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-3169, CVE-2010-2762)\n\nSeveral use-after-free and dangling pointer flaws were found in Firefox. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167,\nCVE-2010-3168)\n\nMultiple buffer overflow flaws were found in Firefox. A web page containing\nmalicious content could cause Firefox to crash or, potentially, execute\narbitrary code with the privileges of the user running Firefox.\n(CVE-2010-2765, CVE-2010-3166)\n\nMultiple cross-site scripting (XSS) flaws were found in Firefox. A web page\ncontaining malicious content could cause Firefox to run JavaScript code\nwith the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)\n\nA flaw was found in the Firefox XMLHttpRequest object. A remote site could\nuse this flaw to gather information about servers on an internal private\nnetwork. (CVE-2010-2764)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.9. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nNote: After installing this update, Firefox will fail to connect (with\nHTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key\nexchange if the server's ephemeral key is too small. Connecting to such\nservers is a security risk as an ephemeral key that is too small makes the\nSSL connection vulnerable to attack. Refer to the Solution section for\nfurther information.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 3.6.9, which corrects these issues. After installing the\nupdate, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016968.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016969.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016976.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-September/016977.html\n\n**Affected packages:**\nfirefox\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0681.html", "published": "2010-09-08T18:50:48", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-September/016968.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2017-10-03T18:25:25"}], "ubuntu": [{"id": "USN-958-1", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "description": "Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-1213)\n\nChris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "published": "2010-07-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/958-1/", "cvelist": ["CVE-2010-0654", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1212", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2018-03-29T18:21:21"}, {"id": "USN-957-1", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "published": "2010-07-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/957-1/", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2018-03-29T18:17:04"}, {"id": "USN-957-2", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerability", "description": "USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755)\n\nThis update fixes the problem.\n\nOriginal advisory details:\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "published": "2010-07-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/957-2/", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2755", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2018-03-29T18:19:57"}, {"id": "USN-930-4", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6.\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the \u2018Content-Disposition: attachment\u2019 HTTP header was ignored when \u2018Content-Type: multipart\u2019 was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)", "published": "2010-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/930-4/", "cvelist": ["CVE-2010-0654", "CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-1121", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2752"], "lastseen": "2018-03-29T18:17:51"}, {"id": "USN-930-5", "type": "ubuntu", "title": "ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update", "description": "USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2.\n\nOriginal advisory details:\n\nIf was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-1121)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1198)\n\nAn integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1196)\n\nMartin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1199)\n\nMichal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. (CVE-2010-1125)\n\nIlja van Sprundel discovered that the \u2018Content-Disposition: attachment\u2019 HTTP header was ignored when \u2018Content-Type: multipart\u2019 was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. (CVE-2010-1197)\n\nAmit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. (CVE-2008-5913)\n\nSeveral flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212)\n\nAn integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-1214)\n\nA flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. (CVE-2010-1215)\n\nAn integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2752)\n\nAn integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2753)\n\nAki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205)\n\nYosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-1213, CVE-2010-1207)\n\nO. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-1210)\n\nMichal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no content) code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-1206)\n\nJordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2010-2751)\n\nChris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. (CVE-2010-0654)\n\nSoroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. (CVE-2010-2754)", "published": "2010-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/930-5/", "cvelist": ["CVE-2010-0654", "CVE-2010-1203", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1125", "CVE-2010-1200", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1197", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-1121", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-1196", "CVE-2010-1201", "CVE-2008-5913", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1202", "CVE-2010-1199", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-1198", "CVE-2010-2752"], "lastseen": "2018-03-29T18:19:15"}, {"id": "USN-978-2", "type": "ubuntu", "title": "Thunderbird regression", "description": "USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nSeveral dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)\n\nIt was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763)\n\nMatt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)\n\nChris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)\n\nSeveral issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)\n\nDavid Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)\n\nPaul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)\n\nA buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)\n\nPeter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169)", "published": "2010-09-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/978-2/", "cvelist": ["CVE-2010-2766", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2018-03-29T18:20:33"}, {"id": "USN-978-1", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "description": "Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)\n\nIt was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. (CVE-2010-2763)\n\nMatt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)\n\nChris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)\n\nSeveral issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)\n\nDavid Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)\n\nPaul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)\n\nA buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)\n\nPeter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169)", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/978-1/", "cvelist": ["CVE-2010-2766", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2018-03-29T18:20:58"}, {"id": "USN-975-1", "type": "ubuntu", "title": "Firefox and Xulrunner vulnerabilities", "description": "Several dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)\n\nBlake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762)\n\nMatt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)\n\nChris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)\n\nSeveral issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)\n\nDavid Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)\n\nPaul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)\n\nA buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)\n\nPeter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169)", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/975-1/", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2018-03-29T18:17:30"}, {"id": "USN-975-2", "type": "ubuntu", "title": "Firefox and Xulrunner regression", "description": "USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nSeveral dangling pointer vulnerabilities were discovered in Firefox. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167)\n\nBlake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. If a user were tricked into viewing a malicious site, a remote attacker could use this to run arbitrary JavaScript with chrome privileges. (CVE-2010-2762)\n\nMatt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. (CVE-2010-2764)\n\nChris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2765)\n\nSeveral issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-2766, CVE-2010-3168)\n\nDavid Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2768)\n\nPaul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. An attacker could utilize this to perform cross-site scripting attacks. (CVE-2010-2769)\n\nA buffer overflow was discovered in Firefox when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3166)\n\nPeter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. (CVE-2010-3169)", "published": "2010-09-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/975-2/", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3169", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2018-03-29T18:18:32"}], "debian": [{"id": "DSA-2075", "type": "debian", "title": "xulrunner -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-0182](<https://security-tracker.debian.org/tracker/CVE-2010-0182>)\n\nWladimir Palant discovered that security checks in XML processing were insufficiently enforced.\n\n * [CVE-2010-0654](<https://security-tracker.debian.org/tracker/CVE-2010-0654>)\n\nChris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries.\n\n * [CVE-2010-1205](<https://security-tracker.debian.org/tracker/CVE-2010-1205>)\n\nAki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code.\n\n * [CVE-2010-1208](<https://security-tracker.debian.org/tracker/CVE-2010-1208>)\n\n\"regenrecht\" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code.\n\n * [CVE-2010-1211](<https://security-tracker.debian.org/tracker/CVE-2010-1211>)\n\nJesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code.\n\n * [CVE-2010-1214](<https://security-tracker.debian.org/tracker/CVE-2010-1214>)\n\n\"JS3\" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code.\n\n * [CVE-2010-2751](<https://security-tracker.debian.org/tracker/CVE-2010-2751>)\n\nJordi Chancel discovered that the location could be spoofed to appear like a secured page.\n\n * [CVE-2010-2753](<https://security-tracker.debian.org/tracker/CVE-2010-2753>)\n\n\"regenrecht\" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code.\n\n * [CVE-2010-2754](<https://security-tracker.debian.org/tracker/CVE-2010-2754>)\n\nSoroush Dalili discovered an information leak in script processing.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-3.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.9.1.11-1.\n\nFor the experimental distribution, these problems have been fixed in version 1.9.2.7-1.\n\nWe recommend that you upgrade your xulrunner packages.", "published": "2010-07-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2075", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-0182", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-2754"], "lastseen": "2016-09-02T18:23:24"}, {"id": "DSA-2106", "type": "debian", "title": "xulrunner -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-2760](<https://security-tracker.debian.org/tracker/CVE-2010-2760>), [CVE-2010-3167](<https://security-tracker.debian.org/tracker/CVE-2010-3167>), [CVE-2010-3168](<https://security-tracker.debian.org/tracker/CVE-2010-3168>)\n\nImplementation errors in XUL processing allow the execution of arbitrary code.\n\n * [CVE-2010-2763](<https://security-tracker.debian.org/tracker/CVE-2010-2763>)\n\nAn implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy.\n\n * [CVE-2010-2765](<https://security-tracker.debian.org/tracker/CVE-2010-2765>)\n\nAn integer overflow in frame handling allows the execution of arbitrary code.\n\n * [CVE-2010-2766](<https://security-tracker.debian.org/tracker/CVE-2010-2766>)\n\nAn implementation error in DOM handling allows the execution of arbitrary code.\n\n * [CVE-2010-2767](<https://security-tracker.debian.org/tracker/CVE-2010-2767>)\n\nIncorrect pointer handling in the plugin code allow the execution of arbitrary code.\n\n * [CVE-2010-2768](<https://security-tracker.debian.org/tracker/CVE-2010-2768>)\n\nIncorrect handling of an object tag may lead to the bypass of cross site scripting filters.\n\n * [CVE-2010-2769](<https://security-tracker.debian.org/tracker/CVE-2010-2769>)\n\nIncorrect copy and paste handling could lead to cross site scripting.\n\n * [CVE-2010-3169](<https://security-tracker.debian.org/tracker/CVE-2010-3169>)\n\nCrashes in the layout engine may lead to the execution of arbitrary code.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-4.\n\nFor the unstable distribution (sid), these problems have been fixed in version 3.5.12-1 of the iceweasel source package (which now builds the xulrunner library binary packages).\n\nFor the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package (which now builds the xulrunner library binary packages).\n\nWe recommend that you upgrade your xulrunner packages.", "published": "2010-09-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2106", "cvelist": ["CVE-2010-2766", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-02T18:32:58"}], "freebsd": [{"id": "8C2EA875-9499-11DF-8E32-000F20797EDE", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)\nMFSA 2010-35 DOM attribute cloning remote code execution vulnerability\nMFSA 2010-36 Use-after-free error in NodeIterator\nMFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability\nMFSA 2010-38 Arbitrary code execution using SJOW and fast native function\nMFSA 2010-39 nsCSSValue::Array index integer overflow\nMFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability\nMFSA 2010-41 Remote code execution using malformed PNG image\nMFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts\nMFSA 2010-43 Same-origin bypass using canvas context\nMFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish\nMFSA 2010-45 Multiple location bar spoofing vulnerabilities\nMFSA 2010-46 Cross-domain data theft using CSS\nMFSA 2010-47 Cross-origin data leakage from script filename in error messages\n\n", "published": "2010-07-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/8c2ea875-9499-11df-8e32-000f20797ede.html", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2016-09-26T17:24:48"}, {"id": "4A21CE2C-BB13-11DF-8E32-000F20797EDE", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)\nMFSA 2010-50 Frameset integer overflow vulnerability\nMFSA 2010-51 Dangling pointer vulnerability using DOM plugin array\nMFSA 2010-52 Windows XP DLL loading vulnerability\nMFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText\nMFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection\nMFSA 2010-55 XUL tree removal crash and remote code execution\nMFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView\nMFSA 2010-57 Crash and remote code execution in normalizeDocument\nMFSA 2010-58 Crash on Mac using fuzzed font in data: URL\nMFSA 2010-59 SJOW creates scope chains ending in outer object\nMFSA 2010-60 XSS using SJOW scripted function\nMFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute\nMFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS\nMFSA 2010-63 Information leak via XMLHttpRequest statusText\n\n", "published": "2010-09-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/4a21ce2c-bb13-11df-8e32-000f20797ede.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-26T17:24:48"}], "suse": [{"id": "SUSE-SA:2010:032", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey", "description": "Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-07-30T13:10:04", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00008.html", "cvelist": ["CVE-2010-0654", "CVE-2010-1214", "CVE-2010-1205", "CVE-2010-1213", "CVE-2010-1210", "CVE-2010-1207", "CVE-2010-1212", "CVE-2010-1206", "CVE-2010-1211", "CVE-2010-2753", "CVE-2010-1215", "CVE-2010-2755", "CVE-2010-2751", "CVE-2010-1208", "CVE-2010-1209", "CVE-2010-2754", "CVE-2010-2752"], "lastseen": "2016-09-04T11:20:21"}, {"id": "SUSE-SA:2010:049", "type": "suse", "title": "remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey", "description": "Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Mozilla Thunderbird was updated to version 3.0.8 on openSUSE, fixing the same bugs. Mozilla Seamonkey was updated to version 2.0.8 on openSUSE, fixing the same bugs.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-10-12T16:13:47", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3169", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-2760"], "lastseen": "2016-09-04T12:38:13"}, {"id": "SUSE-SA:2010:056", "type": "suse", "title": "remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird", "description": "Various Mozilla suite components, including Firefox, were updated to fix various bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2010-11-08T11:27:17", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00003.html", "cvelist": ["CVE-2010-2762", "CVE-2010-2766", "CVE-2010-3131", "CVE-2010-2770", "CVE-2010-3177", "CVE-2010-3765", "CVE-2010-3178", "CVE-2010-3169", "CVE-2010-3176", "CVE-2010-3174", "CVE-2010-2763", "CVE-2010-3167", "CVE-2010-3180", "CVE-2010-2753", "CVE-2010-3168", "CVE-2010-2764", "CVE-2010-3166", "CVE-2010-2769", "CVE-2010-3179", "CVE-2010-2768", "CVE-2010-2765", "CVE-2010-2767", "CVE-2010-3175", "CVE-2010-3182", "CVE-2010-3170", "CVE-2010-3183", "CVE-2010-2760"], "lastseen": "2016-09-04T11:57:58"}, {"id": "OPENSUSE-SU-2014:1100-1", "type": "suse", "title": "Firefox update to 31.1esr (important)", "description": "This patch contains security updates for\n\n * mozilla-nss 3.16.4\n - The following 1024-bit root CA certificate was restored to allow more\n time to develop a better transition strategy for affected sites. It\n was removed in NSS 3.16.3, but discussion in the\n mozilla.dev.security.policy forum led to the decision to keep this\n root included longer in order to give website administrators more time\n to update their web servers.\n - CN = GTE CyberTrust Global Root\n * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification\n Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit\n intermediate CA certificate has been included, without explicit trust.\n The intention is to mitigate the effects of the previous removal of\n the 1024-bit Entrust.net root certificate, because many public\n Internet sites still use the "USERTrust Legacy Secure Server CA"\n intermediate certificate that is signed by the 1024-bit Entrust.net\n root certificate. The inclusion of the intermediate certificate is a\n temporary measure to allow those sites to function, by allowing them\n to find a trust path to another 2048-bit root CA certificate. The\n temporarily included intermediate certificate expires November 1, 2015.\n\n * Firefox 31.1esr Firefox is updated from 24esr to 31esr as maintenance\n for version 24 stopped\n\n", "published": "2014-09-09T18:04:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00004.html", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2014-1505", "CVE-2014-1536", "CVE-2011-0061", "CVE-2011-0077", "CVE-2014-1513", "CVE-2012-0478", "CVE-2012-4193", "CVE-2012-0442", "CVE-2013-5601", "CVE-2013-1687", "CVE-2013-5612", "CVE-2013-1692", "CVE-2010-0654", "CVE-2012-1962", "CVE-2013-0743", "CVE-2012-0443", "CVE-2012-5842", "CVE-2012-4212", "CVE-2013-5595", "CVE-2010-0176", "CVE-2014-1530", "CVE-2011-0083", "CVE-2010-1203", "CVE-2013-1737", "CVE-2012-4214", "CVE-2008-1236", "CVE-2013-5611", "CVE-2012-1970", "CVE-2008-3835", "CVE-2013-1709", "CVE-2007-3738", "CVE-2012-3989", "CVE-2013-5616", "CVE-2013-1678", "CVE-2010-2762", "CVE-2012-5830", "CVE-2013-0763", "CVE-2014-1510", "CVE-2011-3026", "CVE-2012-0460", "CVE-2013-5613", "CVE-2012-1973", "CVE-2014-1522", "CVE-2011-3654", "CVE-2014-1567", "CVE-2012-1974", "CVE-2010-2766", "CVE-2012-4195", "CVE-2012-3986", "CVE-2013-0783", "CVE-2007-3734", "CVE-2011-2371", "CVE-2014-1481", "CVE-2013-1670", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2013-1719", "CVE-2012-3968", "CVE-2013-1725", "CVE-2012-3963", "CVE-2014-1539", "CVE-2010-0174", "CVE-2012-0452", "CVE-2013-1735", "CVE-2012-1956", "CVE-2014-1487", "CVE-2012-3978", "CVE-2012-3985", "CVE-2013-0746", "CVE-2012-5829", "CVE-2009-1571", "CVE-2012-1944", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2014-1538", "CVE-2012-4213", "CVE-2013-1685", "CVE-2012-0479", "CVE-2013-5609", "CVE-2007-3737", "CVE-2013-0766", "CVE-2007-3736", "CVE-2012-1940", "CVE-2013-1697", "CVE-2014-1484", "CVE-2014-1525", "CVE-2012-3993", "CVE-2013-5619", "CVE-2012-5837", "CVE-2008-5500", "CVE-2012-5836", "CVE-2014-1509", "CVE-2009-0772", "CVE-2013-0787", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2014-1494", "CVE-2014-1559", "CVE-2013-0747", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2014-1537", "CVE-2013-1694", "CVE-2014-1523", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2013-5615", "CVE-2013-1680", "CVE-2012-3962", "CVE-2012-0459", "CVE-2011-2362", "CVE-2014-1529", "CVE-2013-1724", "CVE-2010-1213", "CVE-2013-5597", "CVE-2012-5843", "CVE-2014-1543", "CVE-2014-1486", "CVE-2011-0085", "CVE-2013-5590", "CVE-2008-5510", "CVE-2011-0080", "CVE-2013-0780", "CVE-2008-5502", "CVE-2010-3765", "CVE-2013-1732", "CVE-2013-0744", "CVE-2013-0795", "CVE-2008-1237", "CVE-2013-1720", "CVE-2008-4070", "CVE-2013-0748", "CVE-2012-4183", "CVE-2010-3178", "CVE-2013-1679", "CVE-2007-3285", "CVE-2013-5610", "CVE-2013-0768", "CVE-2011-3661", "CVE-2012-4181", "CVE-2014-1532", "CVE-2013-6671", "CVE-2009-0040", "CVE-2011-3652", "CVE-2013-0755", "CVE-2008-4067", "CVE-2014-1548", "CVE-2011-2364", "CVE-2014-1531", "CVE-2013-0752", "CVE-2012-4186", "CVE-2014-1508", "CVE-2012-1948", "CVE-2008-5012", "CVE-2012-1938", "CVE-2013-0796", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2014-1502", "CVE-2013-1723", "CVE-2013-0782", "CVE-2012-1953", "CVE-2012-1949", "CVE-2014-1542", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3169", "CVE-2012-3970", "CVE-2011-0053", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2010-3768", "CVE-2014-1477", "CVE-2013-0800", "CVE-2010-1212", "CVE-2013-1681", "CVE-2010-1211", "CVE-2010-1121", "CVE-2013-0773", "CVE-2013-0754", "CVE-2010-3167", "CVE-2012-4202", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2014-1540", "CVE-2014-1534", "CVE-2012-1941", "CVE-2013-1738", "CVE-2014-1482", "CVE-2014-1479", "CVE-2008-4066", "CVE-2008-5018", "CVE-2012-3984", "CVE-2014-1504", "CVE-2012-0444", "CVE-2011-3650", "CVE-2014-1511", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2012-4182", "CVE-2008-1233", "CVE-2012-4187", "CVE-2012-3983", "CVE-2011-0062", "CVE-2008-0016", "CVE-2011-3101", "CVE-2010-3168", "CVE-2013-0788", "CVE-2013-1728", "CVE-2014-1545", "CVE-2010-0173", "CVE-2012-0472", "CVE-2013-5592", "CVE-2013-1730", "CVE-2008-4059", "CVE-2010-2764", "CVE-2014-1492", "CVE-2011-0081", "CVE-2009-0771", "CVE-2007-3670", "CVE-2012-1954", "CVE-2009-0774", "CVE-2014-1556", "CVE-2012-0461", "CVE-2011-2376", "CVE-2012-3958", "CVE-2012-0469", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-1512", "CVE-2012-1975", "CVE-2011-0075", "CVE-2013-1690", "CVE-2012-0464", "CVE-2013-0775", "CVE-2012-1967", "CVE-2013-5604", "CVE-2014-1514", "CVE-2010-3166", "CVE-2011-0074", "CVE-2013-0801", "CVE-2012-3956", "CVE-2010-2769", "CVE-2012-3982", "CVE-2009-3555", "CVE-2013-1714", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-5021", "CVE-2008-5017", "CVE-2013-0769", "CVE-2012-3966", "CVE-2013-0771", "CVE-2014-1490", "CVE-2012-5839", "CVE-2013-0757", "CVE-2014-1498", "CVE-2012-1961", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2014-1565", "CVE-2012-3967", "CVE-2013-0749", "CVE-2011-3651", "CVE-2008-4060", "CVE-2007-3656", "CVE-2008-1234", "CVE-2012-1951", "CVE-2012-0475", "CVE-2014-1555", "CVE-2014-1564", "CVE-2012-1952", "CVE-2010-1201", "CVE-2013-0761", "CVE-2013-1669", "CVE-2010-1585", "CVE-2012-3959", "CVE-2012-0455", "CVE-2014-1558", "CVE-2011-0084", "CVE-2012-0759", "CVE-2007-3089", "CVE-2014-1519", "CVE-2013-1701", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2013-1684", "CVE-2008-4058", "CVE-2012-4184", "CVE-2012-0447", "CVE-2014-1547", "CVE-2011-3232", "CVE-2012-4205", "CVE-2014-1480", "CVE-2014-1500", "CVE-2011-0069", "CVE-2013-6630", "CVE-2008-5022", "CVE-2008-5512", "CVE-2014-1497", "CVE-2013-5596", "CVE-2012-3992", "CVE-2008-1235", "CVE-2013-1676", "CVE-2013-0789", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2013-1675", "CVE-2014-1478", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2012-1960", "CVE-2012-0445", "CVE-2012-0462", "CVE-2012-4217", "CVE-2013-1686", "CVE-2013-0745", "CVE-2013-0756", "CVE-2012-4218", "CVE-2013-0760", "CVE-2011-2377", "CVE-2014-1485", "CVE-2014-1493", "CVE-2007-3735", "CVE-2011-3000", "CVE-2010-2765", "CVE-2014-1544", "CVE-2010-2767", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2013-0767", "CVE-2010-3182", "CVE-2009-0776", "CVE-2013-5603", "CVE-2012-1959", "CVE-2011-2363", "CVE-2011-0070", "CVE-2013-1682", "CVE-2012-1947", "CVE-2013-6673", "CVE-2013-1674", "CVE-2013-0762", "CVE-2014-1562", "CVE-2010-3170", "CVE-2011-3005", "CVE-2012-4208", "CVE-2011-3658", "CVE-2014-1541", "CVE-2011-2373", "CVE-2008-5511", "CVE-2011-2992", "CVE-2014-1488", "CVE-2012-1957", "CVE-2012-1958", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2014-1552", "CVE-2010-3183", "CVE-2010-1202", "CVE-2012-0468", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-1549", "CVE-2013-1713", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2008-4061", "CVE-2013-5591", "CVE-2010-1199", "CVE-2012-4204", "CVE-2013-5602", "CVE-2011-2985", "CVE-2012-4192", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2013-0774", "CVE-2008-5024", "CVE-2013-0753", "CVE-2012-5833", "CVE-2014-1557", "CVE-2013-1736", "CVE-2014-1526", "CVE-2013-0776", "CVE-2012-3964", "CVE-2013-5593", "CVE-2014-1550", "CVE-2013-1718", "CVE-2012-5841", "CVE-2014-1533", "CVE-2013-1717", "CVE-2010-2754", "CVE-2008-5507", "CVE-2012-3990", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2008-4065", "CVE-2013-1693", "CVE-2010-2760", "CVE-2013-0750", "CVE-2012-1937", "CVE-2014-1560", "CVE-2012-4215", "CVE-2013-6629", "CVE-2012-0463", "CVE-2013-1677", "CVE-2011-2991", "CVE-2013-0770", "CVE-2013-0793", "CVE-2012-4179", "CVE-2011-3001", "CVE-2014-1483", "CVE-2014-1489", "CVE-2011-3062", "CVE-2012-0477", "CVE-2013-1722", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2013-1710", "CVE-2012-0467", "CVE-2012-0458", "CVE-2013-0758", "CVE-2013-5600", "CVE-2010-2752", "CVE-2014-1499", "CVE-2014-1518", "CVE-2012-0471", "CVE-2012-3961", "CVE-2014-1561", "CVE-2012-3971", "CVE-2013-0764", "CVE-2014-1528", "CVE-2013-5618", "CVE-2011-0072"], "lastseen": "2016-09-04T12:21:58"}], "gentoo": [{"id": "GLSA-201301-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla\u2019s Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL\u2019s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser\u2019s font, conduct clickjacking attacks, or have other unspecified impact. \n\nA local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nAll users of the Mozilla Firefox binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nAll users of the Mozilla Thunderbird binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.14-r1\"\n \n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.14\"\n \n\nAll NSS users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nss-3.14\"\n \n\nThe \u201cwww-client/mozilla-firefox\u201d package has been merged into the \u201cwww-client/firefox\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox\u201d and then emerge the latest \u201cwww-client/firefox\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-10.0.11\"\n \n\nThe \u201cwww-client/mozilla-firefox-bin\u201d package has been merged into the \u201cwww-client/firefox-bin\u201d package. To upgrade, please unmerge \u201cwww-client/mozilla-firefox-bin\u201d and then emerge the latest \u201cwww-client/firefox-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird\u201d package has been merged into the \u201cmail-client/thunderbird\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird\u201d and then emerge the latest \u201cmail-client/thunderbird\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-10.0.11\"\n \n\nThe \u201cmail-client/mozilla-thunderbird-bin\u201d package has been merged into the \u201cmail-client/thunderbird-bin\u201d package. To upgrade, please unmerge \u201cmail-client/mozilla-thunderbird-bin\u201d and then emerge the latest \u201cmail-client/thunderbird-bin\u201d package: \n \n \n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-10.0.11\"\n \n\nGentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: \n \n \n # emerge --unmerge \"www-client/icecat\"\n \n\nGentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner\"\n \n\nGentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: \n \n \n # emerge --unmerge \"net-libs/xulrunner-bin\"", "published": "2013-01-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201301-01", "cvelist": ["CVE-2012-1945", "CVE-2011-3648", "CVE-2009-0355", "CVE-2011-0061", "CVE-2011-0077", "CVE-2012-0478", "CVE-2012-4193", "CVE-2011-1202", "CVE-2012-0442", "CVE-2010-3772", "CVE-2011-0071", "CVE-2009-2470", "CVE-2010-0654", "CVE-2009-3388", "CVE-2012-1962", "CVE-2012-0443", "CVE-2011-3866", "CVE-2011-0068", "CVE-2012-5842", "CVE-2012-4212", "CVE-2009-2477", "CVE-2009-1563", "CVE-2010-0176", "CVE-2011-3640", "CVE-2011-0083", "CVE-2010-1203", "CVE-2009-3076", "CVE-2012-1970", "CVE-2009-3389", "CVE-2008-3835", "CVE-2012-3989", "CVE-2010-2762", "CVE-2012-5830", "CVE-2012-4210", "CVE-2009-1305", "CVE-2011-3026", "CVE-2009-3979", "CVE-2011-2370", "CVE-2012-0460", "CVE-2012-1973", "CVE-2009-3376", "CVE-2011-2369", "CVE-2011-2998", "CVE-2011-3654", "CVE-2011-2605", "CVE-2009-1833", "CVE-2010-0165", "CVE-2012-1974", "CVE-2010-0220", "CVE-2010-2766", "CVE-2011-2993", "CVE-2012-4195", "CVE-2010-0168", "CVE-2012-3986", "CVE-2010-0160", "CVE-2009-1169", "CVE-2011-2371", "CVE-2009-3379", "CVE-2012-4185", "CVE-2010-3777", "CVE-2012-3991", "CVE-2012-5354", "CVE-2012-4206", "CVE-2009-3071", "CVE-2012-3968", "CVE-2010-1214", "CVE-2012-3963", "CVE-2010-0174", "CVE-2010-0172", "CVE-2009-2535", "CVE-2012-0452", "CVE-2009-1312", "CVE-2012-1956", "CVE-2012-3978", "CVE-2012-3985", "CVE-2011-2995", "CVE-2012-5829", "CVE-2009-1571", "CVE-2008-5505", "CVE-2012-5838", "CVE-2011-2986", "CVE-2010-1205", "CVE-2009-2210", "CVE-2009-2478", "CVE-2008-6961", "CVE-2012-0479", "CVE-2012-0450", "CVE-2012-1940", "CVE-2012-3993", "CVE-2008-5500", "CVE-2012-5836", "CVE-2009-3274", "CVE-2010-1125", "CVE-2009-0772", "CVE-2012-3995", "CVE-2012-4201", "CVE-2010-0159", "CVE-2009-0773", "CVE-2011-3659", "CVE-2011-3663", "CVE-2010-3131", "CVE-2012-0470", "CVE-2012-0446", "CVE-2008-4063", "CVE-2012-3976", "CVE-2012-1972", "CVE-2010-1200", "CVE-2010-0175", "CVE-2010-0170", "CVE-2012-3988", "CVE-2012-0457", "CVE-2010-3778", "CVE-2012-3994", "CVE-2007-2436", "CVE-2012-3962", "CVE-2010-2770", "CVE-2010-3774", "CVE-2012-0459", "CVE-2011-2362", "CVE-2009-1304", "CVE-2010-1213", "CVE-2010-3177", "CVE-2012-5843", "CVE-2009-1835", "CVE-2011-0085", "CVE-2009-0352", "CVE-2009-3984", "CVE-2009-3380", "CVE-2008-5510", "CVE-2011-0080", "CVE-2012-1950", "CVE-2008-5502", "CVE-2009-3981", "CVE-2010-3765", "CVE-2010-0167", "CVE-2009-3373", "CVE-2009-3980", "CVE-2008-4070", "CVE-2012-4183", "CVE-2010-3178", "CVE-2012-1994", "CVE-2011-3661", "CVE-2009-3383", "CVE-2012-4181", "CVE-2011-3652", "CVE-2009-1311", "CVE-2011-1712", "CVE-2008-4067", "CVE-2010-1210", "CVE-2011-2364", "CVE-2009-2469", "CVE-2011-0073", "CVE-2010-1197", "CVE-2010-1207", "CVE-2009-0652", "CVE-2012-4186", "CVE-2012-1948", "CVE-2008-5012", "CVE-2011-2982", "CVE-2012-1938", "CVE-2012-0449", "CVE-2010-3769", "CVE-2012-3969", "CVE-2009-1838", "CVE-2012-1953", "CVE-2008-5013", "CVE-2012-1949", "CVE-2012-0456", "CVE-2011-2372", "CVE-2010-3773", "CVE-2009-1309", "CVE-2011-0079", "CVE-2010-3169", "CVE-2009-2662", "CVE-2012-3970", "CVE-2011-2997", "CVE-2011-0053", "CVE-2009-1832", "CVE-2012-5840", "CVE-2010-3176", "CVE-2012-4191", "CVE-2010-3174", "CVE-2012-1966", "CVE-2010-3768", "CVE-2009-3372", "CVE-2010-2763", "CVE-2011-0066", "CVE-2010-1212", "CVE-2009-1837", "CVE-2010-1206", "CVE-2010-1211", "CVE-2009-2464", "CVE-2011-2990", "CVE-2010-1121", "CVE-2009-0356", "CVE-2011-3389", "CVE-2010-0164", "CVE-2008-3836", "CVE-2010-3167", "CVE-2012-4202", "CVE-2007-2671", "CVE-2011-2984", "CVE-2010-3180", "CVE-2012-3957", "CVE-2011-3660", "CVE-2009-3986", "CVE-2012-1941", "CVE-2009-2408", "CVE-2010-3399", "CVE-2009-2665", "CVE-2008-4066", "CVE-2008-5018", "CVE-2009-3978", "CVE-2012-3984", "CVE-2009-0354", "CVE-2009-3079", "CVE-2011-0056", "CVE-2012-0444", "CVE-2011-3650", "CVE-2010-2753", "CVE-2012-1946", "CVE-2010-3776", "CVE-2010-1215", "CVE-2012-4182", "CVE-2011-2980", "CVE-2012-4187", "CVE-2008-4069", "CVE-2010-0166", "CVE-2011-3647", "CVE-2011-0065", "CVE-2011-0062", "CVE-2008-0016", "CVE-2009-0358", "CVE-2011-3101", "CVE-2010-3168", "CVE-2010-0173", "CVE-2009-1044", "CVE-2008-5513", "CVE-2008-4059", "CVE-2010-2764", "CVE-2011-0081", "CVE-2009-0771", "CVE-2009-1392", "CVE-2008-5504", "CVE-2008-5019", "CVE-2012-1954", "CVE-2009-0774", "CVE-2009-3375", "CVE-2012-0461", "CVE-2011-2376", "CVE-2009-2472", "CVE-2012-3958", "CVE-2009-0071", "CVE-2008-5023", "CVE-2012-0469", "CVE-2010-3171", "CVE-2009-3072", "CVE-2012-3973", "CVE-2008-5822", "CVE-2012-1975", "CVE-2011-0075", "CVE-2012-0464", "CVE-2012-1967", "CVE-2011-3653", "CVE-2010-0648", "CVE-2010-0178", "CVE-2010-3166", "CVE-2010-0177", "CVE-2011-0074", "CVE-2012-3956", "CVE-2010-2769", "CVE-2011-3649", "CVE-2012-3982", "CVE-2009-3555", "CVE-2011-2989", "CVE-2010-1196", "CVE-2008-3837", "CVE-2009-0357", "CVE-2008-5021", "CVE-2008-5017", "CVE-2012-3966", "CVE-2012-5839", "CVE-2011-2378", "CVE-2009-1308", "CVE-2010-3775", "CVE-2009-2467", "CVE-2012-1961", "CVE-2010-5074", "CVE-2011-2996", "CVE-2010-3173", "CVE-2012-4216", "CVE-2008-4062", "CVE-2010-3179", "CVE-2010-0182", "CVE-2012-3967", "CVE-2011-3651", "CVE-2008-4060", "CVE-2010-0181", "CVE-2012-1951", "CVE-2012-0475", "CVE-2012-3965", "CVE-2012-1952", "CVE-2010-1201", "CVE-2011-4688", "CVE-2009-1306", "CVE-2010-1585", "CVE-2009-2479", "CVE-2012-3959", "CVE-2012-0455", "CVE-2009-0777", "CVE-2010-2755", "CVE-2011-0084", "CVE-2011-0051", "CVE-2010-3767", "CVE-2012-1939", "CVE-2009-1834", "CVE-2010-3771", "CVE-2010-0183", "CVE-2012-0474", "CVE-2012-3975", "CVE-2010-2768", "CVE-2008-5014", "CVE-2008-0367", "CVE-2008-4058", "CVE-2011-3002", "CVE-2012-4184", "CVE-2011-0057", "CVE-2012-0447", "CVE-2011-3232", "CVE-2008-5913", "CVE-2007-3073", "CVE-2012-4205", "CVE-2010-2751", "CVE-2009-1836", "CVE-2011-0069", "CVE-2008-5022", "CVE-2008-5512", "CVE-2012-3992", "CVE-2009-3374", "CVE-2008-5501", "CVE-2008-4068", "CVE-2008-5016", "CVE-2011-3004", "CVE-2012-3980", "CVE-2008-5503", "CVE-2011-2374", "CVE-2012-1955", "CVE-2009-1839", "CVE-2012-1960", "CVE-2012-0445", "CVE-2009-3074", "CVE-2012-1965", "CVE-2011-3670", "CVE-2012-0462", "CVE-2010-1028", "CVE-2010-0162", "CVE-2011-2377", "CVE-2009-2463", "CVE-2009-2061", "CVE-2009-3070", "CVE-2012-3977", "CVE-2011-3000", "CVE-2010-2765", "CVE-2009-3069", "CVE-2010-0171", "CVE-2010-2767", "CVE-2009-0353", "CVE-2011-0078", "CVE-2012-3960", "CVE-2010-3175", "CVE-2009-0775", "CVE-2012-0451", "CVE-2011-3655", "CVE-2012-4180", "CVE-2009-2044", "CVE-2010-3182", "CVE-2009-0776", "CVE-2009-3371", "CVE-2009-3377", "CVE-2012-1959", "CVE-2011-2363", "CVE-2009-3075", "CVE-2010-0163", "CVE-2010-1208", "CVE-2011-0070", "CVE-2012-1947", "CVE-2009-1841", "CVE-2010-3170", "CVE-2011-3005", "CVE-2011-0059", "CVE-2012-1971", "CVE-2009-3983", "CVE-2012-4208", "CVE-2009-3987", "CVE-2011-3658", "CVE-2011-2373", "CVE-2008-5511", "CVE-2012-1957", "CVE-2012-1958", "CVE-2011-0054", "CVE-2012-4190", "CVE-2008-4064", "CVE-2012-1976", "CVE-2011-1187", "CVE-2012-5835", "CVE-2010-3183", "CVE-2009-2654", "CVE-2010-1202", "CVE-2012-0468", "CVE-2009-3982", "CVE-2009-3985", "CVE-2009-2065", "CVE-2009-1313", "CVE-2009-3382", "CVE-2008-5508", "CVE-2012-3972", "CVE-2012-4207", "CVE-2011-2988", "CVE-2010-3770", "CVE-2008-4061", "CVE-2010-1199", "CVE-2012-4204", "CVE-2008-0017", "CVE-2009-3988", "CVE-2010-3400", "CVE-2009-1302", "CVE-2011-2985", "CVE-2009-2466", "CVE-2012-4192", "CVE-2011-0058", "CVE-2011-2987", "CVE-2012-4188", "CVE-2012-0441", "CVE-2008-5024", "CVE-2011-0076", "CVE-2007-2437", "CVE-2012-5833", "CVE-2011-2999", "CVE-2012-3964", "CVE-2012-5841", "CVE-2010-0179", "CVE-2010-1209", "CVE-2010-2754", "CVE-2008-5507", "CVE-2009-2471", "CVE-2012-3990", "CVE-2011-2375", "CVE-2010-1198", "CVE-2008-4065", "CVE-2009-1840", "CVE-2011-3665", "CVE-2009-3381", "CVE-2011-0067", "CVE-2010-2760", "CVE-2012-1937", "CVE-2012-4215", "CVE-2009-2043", "CVE-2009-1307", "CVE-2009-2664", "CVE-2012-0463", "CVE-2010-4508", "CVE-2009-1310", "CVE-2009-3077", "CVE-2011-3003", "CVE-2011-2991", "CVE-2008-5015", "CVE-2011-0082", "CVE-2011-2983", "CVE-2012-4179", "CVE-2008-4582", "CVE-2011-3001", "CVE-2012-1964", "CVE-2009-2462", "CVE-2009-3378", "CVE-2011-3062", "CVE-2009-1303", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-4194", "CVE-2011-2365", "CVE-2012-4209", "CVE-2012-1963", "CVE-2012-4196", "CVE-2008-5506", "CVE-2009-2404", "CVE-2009-2465", "CVE-2012-0467", "CVE-2011-2981", "CVE-2012-0458", "CVE-2010-0169", "CVE-2010-2752", "CVE-2009-3078", "CVE-2012-0471", "CVE-2012-3961", "CVE-2010-3766", "CVE-2012-3971", "CVE-2008-5052", "CVE-2011-0055", "CVE-2009-1828", "CVE-2011-0072"], "lastseen": "2016-09-06T19:46:13"}]}}
