Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:13939
Version
9
Class
patch
ALTXid
27914
Language
English
Severity
NotAvailable
Title
USN-779-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description
Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Pavel Cvrcek discovered that Firefox would sometimes display certain invalid Unicode characters as whitespace. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox would allow access to local files from resources loaded via the file: protocol. If a user were tricked into downloading then opening a malicious file, an attacker could steal potentially sensitive information. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox did not properly handle error responses when connecting to a proxy server. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Wladimir Palant discovered Firefox did not check content-loading policies when loading external script files into XUL documents. As a result, Firefox might load malicious content under certain circumstances. It was discovered that Firefox could be made to run scripts with elevated privileges. If a user were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website.
Family
unix
Platform
Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.04
Product
firefox-3.0
xulrunner-1.9
Reference
VENDOR: USN-779-1
Id:
USN-779-1
Reference:
https://usn.ubuntu.com/usn/usn-779-1
CVE: CVE-2009-1841
Id:
CVE-2009-1841
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841
Comment:
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
55159 (OSVDB)
RHSA-2009:1096 (REDHAT)
35331 (SECUNIA)
35415 (SECUNIA)
35428 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35536 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
35882 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
DSA-1830 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html (CONFIRM)
35326 (BID)
35373 (BID)
1022397 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
USN-782-1 (UBUNTU)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=479560 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503583 (CONFIRM)
oval:org.mitre.oval:def:9815 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-7567 (FEDORA)
FEDORA-2009-7614 (FEDORA)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1840
Id:
CVE-2009-1840
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840
Comment:
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
55158 (OSVDB)
35331 (SECUNIA)
35415 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html (CONFIRM)
35326 (BID)
1022379 (SECTRACK)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=477979 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503582 (CONFIRM)
firefox-xul-security-bypass(51076) (XF)
oval:org.mitre.oval:def:9448 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1836
Id:
CVE-2009-1836
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1836
Comment:
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
287 (Improper Authentication)
References:
55160 (OSVDB)
http://research.microsoft.com/apps/pubs/default.aspx?id=79323 (MISC)
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf (MISC)
35331 (SECUNIA)
35415 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35536 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
35882 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
DSA-1830 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html (CONFIRM)
RHSA-2009:1126 (REDHAT)
35326 (BID)
35380 (BID)
1022396 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
USN-782-1 (UBUNTU)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=479880 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503578 (CONFIRM)
oval:org.mitre.oval:def:11764 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-7567 (FEDORA)
FEDORA-2009-7614 (FEDORA)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1839
Id:
CVE-2009-1839
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
Comment:
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
CVSSv2 Score:
5.4
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
55163 (OSVDB)
35331 (SECUNIA)
35415 (SECUNIA)
35431 (SECUNIA)
35468 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html (CONFIRM)
35326 (BID)
35386 (BID)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=479943 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503581 (CONFIRM)
oval:org.mitre.oval:def:9256 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1835
Id:
CVE-2009-1835
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
Comment:
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
55161 (OSVDB)
RHSA-2009:1096 (REDHAT)
35331 (SECUNIA)
35415 (SECUNIA)
35428 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35468 (SECUNIA)
35561 (SECUNIA)
35882 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
265068 (SUNALERT)
1020800 (SUNALERT)
DSA-1820 (DEBIAN)
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html (CONFIRM)
35326 (BID)
35391 (BID)
ADV-2009-1572 (VUPEN)
ADV-2009-2152 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=491801 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503576 (CONFIRM)
oval:org.mitre.oval:def:9803 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-7567 (FEDORA)
FEDORA-2009-7614 (FEDORA)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1834
Id:
CVE-2009-1834
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834
Comment:
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
20 (Improper Input Validation)
References:
55162 (OSVDB)
35331 (SECUNIA)
35415 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35468 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html (CONFIRM)
35326 (BID)
35388 (BID)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=479413 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503573 (CONFIRM)
oval:org.mitre.oval:def:10436 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1838
Id:
CVE-2009-1838
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838
Comment:
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
55157 (OSVDB)
RHSA-2009:1096 (REDHAT)
35331 (SECUNIA)
35415 (SECUNIA)
35428 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35536 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
35882 (SECUNIA)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
264308 (SUNALERT)
DSA-1820 (DEBIAN)
DSA-1830 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html (CONFIRM)
RHSA-2009:1125 (REDHAT)
RHSA-2009:1126 (REDHAT)
35326 (BID)
35383 (BID)
1022397 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
USN-782-1 (UBUNTU)
ADV-2009-1572 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=489131 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503580 (CONFIRM)
oval:org.mitre.oval:def:11080 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-7567 (FEDORA)
FEDORA-2009-7614 (FEDORA)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1837
Id:
CVE-2009-1837
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837
Comment:
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=503579 (CONFIRM)
35431 (SECUNIA)
ADV-2009-1572 (VUPEN)
http://secunia.com/secunia_research/2009-19/ (MISC)
34241 (SECUNIA)
RHSA-2009:1095 (REDHAT)
35326 (BID)
https://bugzilla.mozilla.org/show_bug.cgi?id=486269 (CONFIRM)
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html (CONFIRM)
35331 (SECUNIA)
FEDORA-2009-6411 (FEDORA)
FEDORA-2009-6366 (FEDORA)
1022386 (SECTRACK)
35360 (BID)
35468 (SECUNIA)
DSA-1820 (DEBIAN)
SSA:2009-167-01 (SLACKWARE)
35415 (SECUNIA)
264308 (SUNALERT)
oval:org.mitre.oval:def:10628 (OVAL)
20090612 Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability (BUGTRAQ)
CVE: CVE-2009-1833
Id:
CVE-2009-1833
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1833
Comment:
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
55152 (OSVDB)
55153 (OSVDB)
55154 (OSVDB)
RHSA-2009:1096 (REDHAT)
35331 (SECUNIA)
35415 (SECUNIA)
35428 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35536 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
1022376 (SECTRACK)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
265068 (SUNALERT)
1020800 (SUNALERT)
DSA-1820 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html (CONFIRM)
RHSA-2009:1125 (REDHAT)
RHSA-2009:1126 (REDHAT)
35326 (BID)
35372 (BID)
1022397 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
USN-782-1 (UBUNTU)
ADV-2009-1572 (VUPEN)
ADV-2009-2152 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=369696 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=426520 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=427196 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=487204 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503570 (CONFIRM)
oval:org.mitre.oval:def:11487 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1832
Id:
CVE-2009-1832
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1832
Comment:
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
55148 (OSVDB)
35331 (SECUNIA)
35415 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
35882 (SECUNIA)
1022376 (SECTRACK)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
265068 (SUNALERT)
1020800 (SUNALERT)
DSA-1820 (DEBIAN)
DSA-1830 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html (CONFIRM)
35326 (BID)
35371 (BID)
1022397 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
ADV-2009-1572 (VUPEN)
ADV-2009-2152 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=484031 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503569 (CONFIRM)
oval:org.mitre.oval:def:10237 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-7567 (FEDORA)
FEDORA-2009-7614 (FEDORA)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)
CVE: CVE-2009-1392
Id:
CVE-2009-1392
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392
Comment:
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
CVSSv2 Score:
9.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
55144 (OSVDB)
55145 (OSVDB)
55146 (OSVDB)
55147 (OSVDB)
RHSA-2009:1096 (REDHAT)
35331 (SECUNIA)
35415 (SECUNIA)
35428 (SECUNIA)
35431 (SECUNIA)
35439 (SECUNIA)
35440 (SECUNIA)
35468 (SECUNIA)
35536 (SECUNIA)
35561 (SECUNIA)
35602 (SECUNIA)
1022376 (SECTRACK)
SSA:2009-167-01 (SLACKWARE)
SSA:2009-176-01 (SLACKWARE)
265068 (SUNALERT)
1020800 (SUNALERT)
DSA-1820 (DEBIAN)
DSA-1830 (DEBIAN)
MDVSA-2009:141 (MANDRIVA)
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html (CONFIRM)
RHSA-2009:1125 (REDHAT)
RHSA-2009:1126 (REDHAT)
35326 (BID)
35370 (BID)
1022397 (SECTRACK)
SSA:2009-178-01 (SLACKWARE)
USN-782-1 (UBUNTU)
ADV-2009-1572 (VUPEN)
ADV-2009-2152 (VUPEN)
https://bugzilla.mozilla.org/show_bug.cgi?id=380359 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=429969 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=431086 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=432068 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=451341 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=472776 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=486398 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=489041 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=490410 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=490425 (CONFIRM)
https://bugzilla.mozilla.org/show_bug.cgi?id=490513 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=503568 (CONFIRM)
oval:org.mitre.oval:def:9501 (OVAL)
RHSA-2009:1095 (REDHAT)
FEDORA-2009-6366 (FEDORA)
FEDORA-2009-6411 (FEDORA)