Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:24290
Version: 2
Class: patch
ALTXid: 157767
Language: English
Severity: NotAvailable
Title: SUSE-SA:2007:057 -- SUSE Security Announcement: MozillaFirefox,mozilla,seamonkey
Description: Various problems were identified and fixed in the Mozilla family of browsers.
Family: unix
Platform: openSUSE 10.2, openSUSE 10.3
Product: seamonkey
Reference
VENDOR: SUSE-SA:2007:057
Id: SUSE-SA:2007:057
Reference: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00007.html
CVE: CVE-2006-2894
Id: CVE-2006-2894
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
Comment: Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
CVSSv2 Score: 4
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
CWE: 20 (Improper Input Validation)
References:
20070211 Firefox focus stealing vulnerability (possibly other browsers) (BUGTRAQ)
20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers) (BUGTRAQ)
HPSBUX02153 (HP)
http://lcamtuf.coredump.cx/focusbug/ (MISC)
20060605 file upload widgets in IE and Firefox have issues (FULLDISC)
20070211 Firefox focus stealing vulnerability (possibly other browsers) (FULLDISC)
20442 (SECUNIA)
20467 (SECUNIA)
20470 (SECUNIA)
20472 (SECUNIA)
21532 (SECUNIA)
27298 (SECUNIA)
27335 (SECUNIA)
27383 (SECUNIA)
27387 (SECUNIA)
27403 (SECUNIA)
27414 (SECUNIA)
1059 (SREASON)
1018837 (SECTRACK)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
http://www.gnucitizen.org/blog/browser-focus-rip (MISC)
MDKSA-2007:202 (MANDRIVA)
MDKSA-2006:143 (MANDRIVA)
MDKSA-2006:145 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
18308 (BID)
http://www.thanhngan.org/fflinuxversion.html (MISC)
USN-536-1 (UBUNTU)
ADV-2006-2160 (VUPEN)
ADV-2006-2162 (VUPEN)
ADV-2006-2163 (VUPEN)
ADV-2006-2164 (VUPEN)
ADV-2007-3544 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=290478 (MISC)
https://bugzilla.mozilla.org/show_bug.cgi?id=370092 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=56236 (MISC)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
USN-535-1 (UBUNTU)
FEDORA-2007-2664 (FEDORA)
CVE: CVE-2006-4965
Id: CVE-2006-4965
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4965
Comment: Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE: 94 (Improper Control of Generation of Code ('Code Injection'))
References:
http://docs.info.apple.com/article.html?artnum=305149 (CONFIRM)
APPLE-SA-2007-03-05 (APPLE)
22048 (SECUNIA)
27414 (SECUNIA)
1631 (SREASON)
http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox (MISC)
http://www.gnucitizen.org/blog/backdooring-mp3-files/ (MISC)
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up (MISC)
VU#751808 (CERT-VN)
20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting) (BUGTRAQ)
20061207 New MySpace worm could be on its way (BUGTRAQ)
20070912 0DAY: QuickTime pwns Firefox (BUGTRAQ)
20138 (BID)
1018687 (SECTRACK)
ADV-2007-3155 (VUPEN)
CVE: CVE-2007-1095
Id: CVE-2007-1095
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
Comment: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: CWE-Other ()
References:
HPSBUX02153 (HP)
http://lcamtuf.coredump.cx/ietrap/ff/ (MISC)
20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) (FULLDISC)
33809 (OSVDB)
27276 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27315 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27336 (SECUNIA)
27356 (SECUNIA)
27360 (SECUNIA)
27383 (SECUNIA)
27387 (SECUNIA)
27403 (SECUNIA)
27414 (SECUNIA)
27425 (SECUNIA)
27480 (SECUNIA)
27665 (SECUNIA)
27680 (SECUNIA)
28398 (SECUNIA)
2310 (SREASON)
1018837 (SECTRACK)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1392 (DEBIAN)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
GLSA-200711-14 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-30.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (BUGTRAQ)
20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) (BUGTRAQ)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
22688 (BID)
USN-536-1 (UBUNTU)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=371360 (MISC)
ie-mozilla-onunload-dos(32647) (XF)
ie-mozilla-onunload-url-spoofing(32649) (XF)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
oval:org.mitre.oval:def:11665 (OVAL)
USN-535-1 (UBUNTU)
FEDORA-2007-3431 (FEDORA)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
CVE: CVE-2007-2292
Id: CVE-2007-2292
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
Comment: CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: 20 (Improper Input Validation)
References:
http://www.wisec.it/vulns.php?id=11 (MISC)
23668 (BID)
1017968 (SECTRACK)
https://bugzilla.mozilla.org/show_bug.cgi?id=378787 (MISC)
http://www.mozilla.org/security/announce/2007/mfsa2007-31.html (CONFIRM)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
DSA-1392 (DEBIAN)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
GLSA-200711-14 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
SUSE-SA:2007:057 (SUSE)
USN-536-1 (UBUNTU)
27276 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27356 (SECUNIA)
27383 (SECUNIA)
27425 (SECUNIA)
27403 (SECUNIA)
27480 (SECUNIA)
27387 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27315 (SECUNIA)
27336 (SECUNIA)
27665 (SECUNIA)
27414 (SECUNIA)
2654 (SREASON)
FEDORA-2007-3431 (FEDORA)
27680 (SECUNIA)
27360 (SECUNIA)
28398 (SECUNIA)
201516 (SUNALERT)
HPSBUX02153 (HP)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
ADV-2008-0083 (VUPEN)
firefox-lf-response-splitting(33981) (XF)
oval:org.mitre.oval:def:10195 (OVAL)
USN-535-1 (UBUNTU)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting (BUGTRAQ)
CVE: CVE-2007-3511
Id: CVE-2007-3511
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511
Comment: The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: CWE-Other ()
References:
20070630 New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities (FULLDISC)
http://yathong.googlepages.com/FirefoxFocusBug.html (MISC)
25904 (SECUNIA)
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html (CONFIRM)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
DSA-1392 (DEBIAN)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
MDKSA-2007:202 (MANDRIVA)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
SUSE-SA:2007:057 (SUSE)
USN-536-1 (UBUNTU)
24725 (BID)
1018837 (SECTRACK)
27276 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27356 (SECUNIA)
27383 (SECUNIA)
27425 (SECUNIA)
27403 (SECUNIA)
27480 (SECUNIA)
27387 (SECUNIA)
27298 (SECUNIA)
27336 (SECUNIA)
27414 (SECUNIA)
FEDORA-2007-3431 (FEDORA)
27680 (SECUNIA)
201516 (SUNALERT)
HPSBUX02153 (HP)
ADV-2008-0083 (VUPEN)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
20070630 Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities (FULLDISC)
37994 (OSVDB)
firefox-focus-security-bypass(35299) (XF)
oval:org.mitre.oval:def:9763 (OVAL)
USN-535-1 (UBUNTU)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
http://sla.ckers.org/forum/read.php?3%2C13142 ()
CVE: CVE-2007-3844
Id: CVE-2007-3844
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
Comment: Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: CWE-Other ()
References:
http://bugzilla.mozilla.org/show_bug.cgi?id=388121 (CONFIRM)
HPSBUX02153 (HP)
HPSBUX02156 (HP)
26234 (SECUNIA)
26258 (SECUNIA)
26288 (SECUNIA)
26303 (SECUNIA)
26309 (SECUNIA)
26331 (SECUNIA)
26335 (SECUNIA)
26393 (SECUNIA)
26460 (SECUNIA)
26572 (SECUNIA)
27276 (SECUNIA)
27298 (SECUNIA)
27325 (SECUNIA)
27326 (SECUNIA)
27327 (SECUNIA)
27356 (SECUNIA)
27414 (SECUNIA)
27680 (SECUNIA)
28135 (SECUNIA)
28363 (SECUNIA)
1018479 (SECTRACK)
1018480 (SECTRACK)
1018481 (SECTRACK)
SSA:2007-213-01 (SLACKWARE)
103177 (SUNALERT)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1344 (DEBIAN)
DSA-1345 (DEBIAN)
DSA-1346 (DEBIAN)
DSA-1391 (DEBIAN)
GLSA-200708-09 (GENTOO)
MDKSA-2007:152 (MANDRIVA)
MDVSA-2007:047 (MANDRIVA)
MDVSA-2008:047 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
20070801 FLEA-2007-0039-1 firefox (BUGTRAQ)
20070803 FLEA-2007-0040-1 thunderbird (BUGTRAQ)
25142 (BID)
USN-493-1 (UBUNTU)
USN-503-1 (UBUNTU)
ADV-2007-3587 (VUPEN)
ADV-2007-4256 (VUPEN)
ADV-2008-0082 (VUPEN)
https://issues.rpath.com/browse/RPL-1600 (CONFIRM)
oval:org.mitre.oval:def:9493 (OVAL)
FEDORA-2007-3431 (FEDORA)
FEDORA-2007-2601 (FEDORA)
CVE: CVE-2007-3845
Id: CVE-2007-3845
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
Comment: Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
References:
http://bugzilla.mozilla.org/show_bug.cgi?id=389580 (CONFIRM)
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html (CONFIRM)
https://issues.rpath.com/browse/RPL-1600 (CONFIRM)
DSA-1344 (DEBIAN)
DSA-1345 (DEBIAN)
DSA-1346 (DEBIAN)
DSA-1391 (DEBIAN)
MDKSA-2007:152 (MANDRIVA)
SSA:2007-213-01 (SLACKWARE)
USN-493-1 (UBUNTU)
USN-503-1 (UBUNTU)
26234 (SECUNIA)
26258 (SECUNIA)
26309 (SECUNIA)
26331 (SECUNIA)
26335 (SECUNIA)
26303 (SECUNIA)
26393 (SECUNIA)
26572 (SECUNIA)
27326 (SECUNIA)
27414 (SECUNIA)
103177 (SUNALERT)
28135 (SECUNIA)
https://bugzilla.mozilla.org/show_bug.cgi?id=389106 (CONFIRM)
MDVSA-2007:047 (MANDRIVA)
25053 (BID)
MDVSA-2008:047 (MANDRIVA)
201516 (SUNALERT)
ADV-2007-4256 (VUPEN)
HPSBUX02156 (HP)
HPSBUX02153 (HP)
ADV-2008-0082 (VUPEN)
20070803 FLEA-2007-0040-1 thunderbird (BUGTRAQ)
20070801 FLEA-2007-0039-1 firefox (BUGTRAQ)
CVE: CVE-2007-4841
Id: CVE-2007-4841
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
Comment: Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE: 20 (Improper Input Validation)
References:
SSRT061181 (HP)
HPSBUX02156 (HP)
27311 (SECUNIA)
27315 (SECUNIA)
27360 (SECUNIA)
27414 (SECUNIA)
27744 (SECUNIA)
28363 (SECUNIA)
28398 (SECUNIA)
SSA:2007-324-01 (SLACKWARE)
MDKSA-2007:202 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html (CONFIRM)
25543 (BID)
ADV-2007-3544 (VUPEN)
ADV-2008-0082 (VUPEN)
ADV-2008-0083 (VUPEN)
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/ (MISC)
CVE: CVE-2007-5334
Id: CVE-2007-5334
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
Comment: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: 16 (Configuration)
References:
HPSBUX02153 (HP)
27276 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27315 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27336 (SECUNIA)
27356 (SECUNIA)
27360 (SECUNIA)
27383 (SECUNIA)
27387 (SECUNIA)
27403 (SECUNIA)
27414 (SECUNIA)
27425 (SECUNIA)
27480 (SECUNIA)
27665 (SECUNIA)
27680 (SECUNIA)
28398 (SECUNIA)
1018837 (SECTRACK)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1392 (DEBIAN)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
GLSA-200711-14 (GENTOO)
VU#349217 (CERT-VN)
MDKSA-2007:202 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-33.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
26132 (BID)
USN-536-1 (UBUNTU)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=391043 (MISC)
mozilla-xul-page-spoofing(37286) (XF)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
oval:org.mitre.oval:def:11482 (OVAL)
USN-535-1 (UBUNTU)
FEDORA-2007-3431 (FEDORA)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
CVE: CVE-2007-5337
Id: CVE-2007-5337
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
Comment: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE: 200 (Information Exposure)
References:
HPSBUX02153 (HP)
27276 (SECUNIA)
27298 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27336 (SECUNIA)
27356 (SECUNIA)
27360 (SECUNIA)
27383 (SECUNIA)
27387 (SECUNIA)
27403 (SECUNIA)
27414 (SECUNIA)
27425 (SECUNIA)
27480 (SECUNIA)
27665 (SECUNIA)
27680 (SECUNIA)
28398 (SECUNIA)
1018837 (SECTRACK)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1392 (DEBIAN)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
GLSA-200711-14 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
26132 (BID)
USN-536-1 (UBUNTU)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
ADV-2008-0083 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=381146 (MISC)
mozilla-sftp-file-access(37287) (XF)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
oval:org.mitre.oval:def:11443 (OVAL)
USN-535-1 (UBUNTU)
FEDORA-2007-3431 (FEDORA)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
CVE: CVE-2007-5338
Id: CVE-2007-5338
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
Comment: Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
CVSSv2 Score: 9.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE: 264 (Permissions, Privileges, and Access Controls)
References:
HPSBUX02153 (HP)
27276 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27315 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27336 (SECUNIA)
27356 (SECUNIA)
27360 (SECUNIA)
27383 (SECUNIA)
27387 (SECUNIA)
27403 (SECUNIA)
27414 (SECUNIA)
27425 (SECUNIA)
27480 (SECUNIA)
27665 (SECUNIA)
27680 (SECUNIA)
28398 (SECUNIA)
1018836 (SECTRACK)
201516 (SUNALERT)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
DSA-1392 (DEBIAN)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
GLSA-200711-14 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html (CONFIRM)
SUSE-SA:2007:057 (SUSE)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
26132 (BID)
USN-536-1 (UBUNTU)
ADV-2007-3544 (VUPEN)
ADV-2007-3587 (VUPEN)
ADV-2008-0083 (VUPEN)
mozilla-xpcnativewrapper-code-execution(37288) (XF)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
oval:org.mitre.oval:def:10965 (OVAL)
USN-535-1 (UBUNTU)
FEDORA-2007-3431 (FEDORA)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
CVE: CVE-2007-5339
Id: CVE-2007-5339
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
Comment: Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE: 20 (Improper Input Validation)
References:
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html (CONFIRM)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
https://issues.rpath.com/browse/RPL-1884 (CONFIRM)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
http://bugs.gentoo.org/show_bug.cgi?id=196481 (CONFIRM)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
DSA-1391 (DEBIAN)
DSA-1392 (DEBIAN)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
GLSA-200711-14 (GENTOO)
GLSA-200711-24 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
SUSE-SA:2007:057 (SUSE)
USN-536-1 (UBUNTU)
VU#559977 (CERT-VN)
26132 (BID)
1018834 (SECTRACK)
1018835 (SECTRACK)
27276 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27356 (SECUNIA)
27383 (SECUNIA)
27425 (SECUNIA)
27403 (SECUNIA)
27480 (SECUNIA)
27387 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27313 (SECUNIA)
27315 (SECUNIA)
27326 (SECUNIA)
27336 (SECUNIA)
27665 (SECUNIA)
27704 (SECUNIA)
27414 (SECUNIA)
FEDORA-2007-3431 (FEDORA)
27680 (SECUNIA)
28179 (SECUNIA)
27360 (SECUNIA)
28363 (SECUNIA)
28398 (SECUNIA)
SUSE-SR:2008:002 (SUSE)
28636 (SECUNIA)
SSA:2007-324-01 (SLACKWARE)
27744 (SECUNIA)
MDVSA-2007:047 (MANDRIVA)
231441 (SUNALERT)
MDVSA-2008:047 (MANDRIVA)
201516 (SUNALERT)
1018977 (SUNALERT)
ADV-2007-4272 (VUPEN)
ADV-2007-3544 (VUPEN)
ADV-2008-0082 (VUPEN)
ADV-2007-3587 (VUPEN)
HPSBUX02156 (HP)
ADV-2008-0083 (VUPEN)
HPSBUX02153 (HP)
ADV-2008-0643 (VUPEN)
ADV-2007-3545 (VUPEN)
mozilla-multiple-browser-code-execution(37281) (XF)
oval:org.mitre.oval:def:10459 (OVAL)
USN-535-1 (UBUNTU)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322%2C330563%2C341858%2C344064%2C348126%2C354645%2C361745%2C362901%2C378670%2C378682%2C379799%2C382376%2C384105%2C386382%2C386914%2C387033%2C387460%2C387844%2C391974%2C392285%2C393770%2C394014%2C394418 (MISC)
CVE: CVE-2007-5340
Id: CVE-2007-5340
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
Comment: Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE: 20 (Improper Input Validation)
References:
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html (CONFIRM)
https://issues.rpath.com/browse/RPL-1858 (CONFIRM)
https://issues.rpath.com/browse/RPL-1884 (CONFIRM)
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html (CONFIRM)
http://bugs.gentoo.org/show_bug.cgi?id=196481 (CONFIRM)
DSA-1396 (DEBIAN)
DSA-1401 (DEBIAN)
DSA-1391 (DEBIAN)
DSA-1392 (DEBIAN)
FEDORA-2007-2601 (FEDORA)
FEDORA-2007-2664 (FEDORA)
GLSA-200711-14 (GENTOO)
GLSA-200711-24 (GENTOO)
MDKSA-2007:202 (MANDRIVA)
RHSA-2007:0979 (REDHAT)
RHSA-2007:0980 (REDHAT)
RHSA-2007:0981 (REDHAT)
SUSE-SA:2007:057 (SUSE)
USN-536-1 (UBUNTU)
VU#755513 (CERT-VN)
26132 (BID)
1018834 (SECTRACK)
1018835 (SECTRACK)
27276 (SECUNIA)
27325 (SECUNIA)
27327 (SECUNIA)
27335 (SECUNIA)
27356 (SECUNIA)
27383 (SECUNIA)
27425 (SECUNIA)
27403 (SECUNIA)
27480 (SECUNIA)
27387 (SECUNIA)
27298 (SECUNIA)
27311 (SECUNIA)
27313 (SECUNIA)
27315 (SECUNIA)
27326 (SECUNIA)
27336 (SECUNIA)
27665 (SECUNIA)
27704 (SECUNIA)
27414 (SECUNIA)
FEDORA-2007-3431 (FEDORA)
27680 (SECUNIA)
28179 (SECUNIA)
27360 (SECUNIA)
28363 (SECUNIA)
28398 (SECUNIA)
SUSE-SR:2008:002 (SUSE)
28636 (SECUNIA)
MDVSA-2007:047 (MANDRIVA)
231441 (SUNALERT)
MDVSA-2008:047 (MANDRIVA)
201516 (SUNALERT)
1018977 (SUNALERT)
ADV-2007-4272 (VUPEN)
ADV-2007-3544 (VUPEN)
ADV-2008-0082 (VUPEN)
ADV-2007-3587 (VUPEN)
HPSBUX02156 (HP)
ADV-2008-0083 (VUPEN)
HPSBUX02153 (HP)
ADV-2008-0643 (VUPEN)
ADV-2007-3545 (VUPEN)
mozilla-multiple-java-code-execution(37282) (XF)
oval:org.mitre.oval:def:9622 (OVAL)
USN-535-1 (UBUNTU)
20071029 rPSA-2007-0225-2 firefox thunderbird (BUGTRAQ)
20071029 FLEA-2007-0062-1 firefox (BUGTRAQ)
20071026 rPSA-2007-0225-1 firefox (BUGTRAQ)
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309%2C387955%2C390078%2C393537 (MISC)