cpe:/a:zaal:tgt:1.0.2 cpe:/a:zaal:tgt:1.0.0 cpe:/a:zaal:tgt:1.0.13 cpe:/a:zaal:tgt:1.0.9 cpe:/a:zaal:tgt:1.0.5 cpe:/a:zaal:tgt:1.0.6 cpe:/a:zaal:tgt:1.0.1 cpe:/a:zaal:tgt:1.0.12 cpe:/a:zaal:tgt:1.0.4 cpe:/a:zaal:tgt:1.0.7 cpe:/a:zaal:tgt:1.0.10 cpe:/a:zaal:tgt:1.0.3 cpe:/a:zaal:tgt:0.9.5 cpe:/a:zaal:tgt:1.0.11 cpe:/a:zaal:tgt:1.0.8

CVE-2011-0001

2011-03-15T13:55:02.420-04:00

2011-04-06T23:27:53.630-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-03-15T14:15:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=667261 MISC https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff MLIST [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login XF lstf-iscsirxhandler-dos(66010) VUPEN ADV-2011-0636 SECTRACK 1025184 BID 46817 REDHAT RHSA-2011:0332 DEBIAN DSA-2209 SECUNIA 43713 SECUNIA 43706 Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.

cpe:/a:miloslav_trmac:libuser:0.53 cpe:/a:miloslav_trmac:libuser:0.23 cpe:/a:miloslav_trmac:libuser:0.3 cpe:/a:miloslav_trmac:libuser:0.49.99 cpe:/a:miloslav_trmac:libuser:0.32 cpe:/a:miloslav_trmac:libuser:0.31 cpe:/a:miloslav_trmac:libuser:0.56.9 cpe:/a:miloslav_trmac:libuser:0.51.4 cpe:/a:miloslav_trmac:libuser:0.51.11 cpe:/a:miloslav_trmac:libuser:0.24-4 cpe:/a:miloslav_trmac:libuser:0.51.6 cpe:/a:miloslav_trmac:libuser:0.2 cpe:/a:miloslav_trmac:libuser:0.54.2 cpe:/a:miloslav_trmac:libuser:0.25.1 cpe:/a:miloslav_trmac:libuser:0.8.1 cpe:/a:miloslav_trmac:libuser:0.16.1 cpe:/a:miloslav_trmac:libuser:0.56.10 cpe:/a:miloslav_trmac:libuser:0.56.17 cpe:/a:miloslav_trmac:libuser:0.51.1-2 cpe:/a:miloslav_trmac:libuser:0.51.12 cpe:/a:miloslav_trmac:libuser:0.54.3 cpe:/a:miloslav_trmac:libuser:0.49.98 cpe:/a:miloslav_trmac:libuser:0.8 cpe:/a:miloslav_trmac:libuser:0.49.95 cpe:/a:miloslav_trmac:libuser:0.49.92 cpe:/a:miloslav_trmac:libuser:0.56 cpe:/a:miloslav_trmac:libuser:0.21 cpe:/a:miloslav_trmac:libuser:0.51.2 cpe:/a:miloslav_trmac:libuser:0.51 cpe:/a:miloslav_trmac:libuser:0.29 cpe:/a:miloslav_trmac:libuser:0.51.9 cpe:/a:miloslav_trmac:libuser:0.53.4 cpe:/a:miloslav_trmac:libuser:0.56.8 cpe:/a:miloslav_trmac:libuser:0.25 cpe:/a:miloslav_trmac:libuser:0.18 cpe:/a:miloslav_trmac:libuser:0.56.11 cpe:/a:miloslav_trmac:libuser:0.54.6 cpe:/a:miloslav_trmac:libuser:0.53.3 cpe:/a:miloslav_trmac:libuser:0.6 cpe:/a:miloslav_trmac:libuser:0.56.4 cpe:/a:miloslav_trmac:libuser:0.56.15 cpe:/a:miloslav_trmac:libuser:0.56.5 cpe:/a:miloslav_trmac:libuser:0.49.91 cpe:/a:miloslav_trmac:libuser:0.8.2 cpe:/a:miloslav_trmac:libuser:0.56.2 cpe:/a:miloslav_trmac:libuser:0.51.7-7 cpe:/a:miloslav_trmac:libuser:0.56.6 cpe:/a:miloslav_trmac:libuser:0.7 cpe:/a:miloslav_trmac:libuser:0.24-3 cpe:/a:miloslav_trmac:libuser:0.52.4 cpe:/a:miloslav_trmac:libuser:0.51.8 cpe:/a:miloslav_trmac:libuser:0.51.1-1 cpe:/a:miloslav_trmac:libuser:0.55 cpe:/a:miloslav_trmac:libuser:0.54.1 cpe:/a:miloslav_trmac:libuser:0.49.96 cpe:/a:miloslav_trmac:libuser:0.53.2 cpe:/a:miloslav_trmac:libuser:0.53.6 cpe:/a:miloslav_trmac:libuser:0.4 cpe:/a:miloslav_trmac:libuser:0.52.6 cpe:/a:miloslav_trmac:libuser:0.51.7 cpe:/a:miloslav_trmac:libuser:0.30 cpe:/a:miloslav_trmac:libuser:0.54 cpe:/a:miloslav_trmac:libuser:0.56.7 cpe:/a:miloslav_trmac:libuser:0.54.7 cpe:/a:miloslav_trmac:libuser:0.49.101-2 cpe:/a:miloslav_trmac:libuser:0.54.4 cpe:/a:miloslav_trmac:libuser:0.53.8 cpe:/a:miloslav_trmac:libuser:0.26 cpe:/a:miloslav_trmac:libuser:0.56.12 cpe:/a:miloslav_trmac:libuser:0.54.5 cpe:/a:miloslav_trmac:libuser:0.5 cpe:/a:miloslav_trmac:libuser:0.56.18 cpe:/a:miloslav_trmac:libuser:0.53.5 cpe:/a:miloslav_trmac:libuser:0.56.13 cpe:/a:miloslav_trmac:libuser:0.50.2 cpe:/a:miloslav_trmac:libuser:0.20 cpe:/a:miloslav_trmac:libuser:0.49.100 cpe:/a:miloslav_trmac:libuser:0.1 cpe:/a:miloslav_trmac:libuser:0.52.1 cpe:/a:miloslav_trmac:libuser:0.49.93 cpe:/a:miloslav_trmac:libuser:0.49.97 cpe:/a:miloslav_trmac:libuser:0.51.10 cpe:/a:miloslav_trmac:libuser:0.27 cpe:/a:miloslav_trmac:libuser:0.53.7 cpe:/a:miloslav_trmac:libuser:0.54.8 cpe:/a:miloslav_trmac:libuser:0.51.5 cpe:/a:miloslav_trmac:libuser:0.51.7-3 cpe:/a:miloslav_trmac:libuser:0.56.14 cpe:/a:miloslav_trmac:libuser:0.53.1 cpe:/a:miloslav_trmac:libuser:0.52 cpe:/a:miloslav_trmac:libuser:0.49.102 cpe:/a:miloslav_trmac:libuser:0.56.3 cpe:/a:miloslav_trmac:libuser:0.28 cpe:/a:miloslav_trmac:libuser:0.10 cpe:/a:miloslav_trmac:libuser:0.52.3 cpe:/a:miloslav_trmac:libuser:0.9 cpe:/a:miloslav_trmac:libuser:0.50 cpe:/a:miloslav_trmac:libuser:0.52.5 cpe:/a:miloslav_trmac:libuser:0.52.2 cpe:/a:miloslav_trmac:libuser:0.56.16 cpe:/a:miloslav_trmac:libuser:0.49.101-1 cpe:/a:miloslav_trmac:libuser:0.49.90 cpe:/a:miloslav_trmac:libuser:0.11 cpe:/a:miloslav_trmac:libuser:0.56.1

CVE-2011-0002

2011-01-22T17:00:06.677-05:00

2011-02-04T01:50:11.090-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-24T10:12:00.000-05:00

CONFIRM https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=643227 XF libuser-password-security-bypass(64677) VUPEN ADV-2011-0226 VUPEN ADV-2011-0201 VUPEN ADV-2011-0184 BID 45791 REDHAT RHSA-2011:0170 OSVDB 70421 MANDRIVA MDVSA-2011:019 SECTRACK 1024960 SECUNIA 43047 SECUNIA 42966 SECUNIA 42891 FEDORA FEDORA-2011-0320 FEDORA FEDORA-2011-0316 libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.

cpe:/a:mediawiki:mediawiki:1.4:beta4 cpe:/a:mediawiki:mediawiki:1.4.6 cpe:/a:mediawiki:mediawiki:1.6.8 cpe:/a:mediawiki:mediawiki:1.4.11 cpe:/a:mediawiki:mediawiki:1.4.2 cpe:/a:mediawiki:mediawiki:1.5:beta3 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.4.3 cpe:/a:mediawiki:mediawiki:1.13.2 cpe:/a:mediawiki:mediawiki:1.4:beta2 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.2.4 cpe:/a:mediawiki:mediawiki:1.4.9 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.4:beta3 cpe:/a:mediawiki:mediawiki:1.4.12 cpe:/a:mediawiki:mediawiki:1.6.10 cpe:/a:mediawiki:mediawiki:1.3.2 cpe:/a:mediawiki:mediawiki:1.5.7 cpe:/a:mediawiki:mediawiki:1.2.5 cpe:/a:mediawiki:mediawiki:1.15.0 cpe:/a:mediawiki:mediawiki:1.3.0 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.3.6 cpe:/a:mediawiki:mediawiki:1.12.2 cpe:/a:mediawiki:mediawiki:1.12.0 cpe:/a:mediawiki:mediawiki:1.9.4 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.4.7 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.11.0:rc1 cpe:/a:mediawiki:mediawiki:1.3.1 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.2.1 cpe:/a:mediawiki:mediawiki:1.2.0 cpe:/a:mediawiki:mediawiki:1.4.5 cpe:/a:mediawiki:mediawiki:stable_2003-11-17 cpe:/a:mediawiki:mediawiki:1.10.2 cpe:/a:mediawiki:mediawiki:1.14.0:rc1 cpe:/a:mediawiki:mediawiki:1.10.4 cpe:/a:mediawiki:mediawiki:1.9.3 cpe:/a:mediawiki:mediawiki:1.13.1 cpe:/a:mediawiki:mediawiki:1.3.10 cpe:/a:mediawiki:mediawiki:1.4.14 cpe:/a:mediawiki:mediawiki:1.16.0 cpe:/a:mediawiki:mediawiki:1.8.3 cpe:/a:mediawiki:mediawiki:1.7.3 cpe:/a:mediawiki:mediawiki:stable_2003-08-29 cpe:/a:mediawiki:mediawiki:1.5.2 cpe:/a:mediawiki:mediawiki:1.8.4 cpe:/a:mediawiki:mediawiki:1.6.9 cpe:/a:mediawiki:mediawiki:1.3.3 cpe:/a:mediawiki:mediawiki:1.3.7 cpe:/a:mediawiki:mediawiki:1.4.1 cpe:/a:mediawiki:mediawiki:1.13.4 cpe:/a:mediawiki:mediawiki:1.9.0 cpe:/a:mediawiki:mediawiki:1.3.8 cpe:/a:mediawiki:mediawiki:1.5:beta4 cpe:/a:mediawiki:mediawiki:1.10.0 cpe:/a:mediawiki:mediawiki:1.5.6 cpe:/a:mediawiki:mediawiki:1.6.7 cpe:/a:mediawiki:mediawiki:1.11.1 cpe:/a:mediawiki:mediawiki:1.8.5 cpe:/a:mediawiki:mediawiki:1.3.5 cpe:/a:mediawiki:mediawiki:1.15.2 cpe:/a:mediawiki:mediawiki:1.9.6 cpe:/a:mediawiki:mediawiki:1.10.0:rc2 cpe:/a:mediawiki:mediawiki:1.5:beta1 cpe:/a:mediawiki:mediawiki:1.3 cpe:/a:mediawiki:mediawiki:1.12.1 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.3.14 cpe:/a:mediawiki:mediawiki:1.13.0:rc2 cpe:/a:mediawiki:mediawiki:1.12.4 cpe:/a:mediawiki:mediawiki:1.3.11 cpe:/a:mediawiki:mediawiki:1.5:rc4 cpe:/a:mediawiki:mediawiki:1.16.0:beta2 cpe:/a:mediawiki:mediawiki:1.11.0 cpe:/a:mediawiki:mediawiki:1.4.8 cpe:/a:mediawiki:mediawiki:1.5:rc2 cpe:/a:mediawiki:mediawiki:1.1.0 cpe:/a:mediawiki:mediawiki:1.5.1 cpe:/a:mediawiki:mediawiki:1.11.2 cpe:/a:mediawiki:mediawiki:1.15.0:rc1 cpe:/a:mediawiki:mediawiki:1.6.12 cpe:/a:mediawiki:mediawiki:1.4.10 cpe:/a:mediawiki:mediawiki:1.4.13 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.2.3 cpe:/a:mediawiki:mediawiki:1.2.6 cpe:/a:mediawiki:mediawiki:1.4:beta1 cpe:/a:mediawiki:mediawiki:1.5.0 cpe:/a:mediawiki:mediawiki:1.3.9 cpe:/a:mediawiki:mediawiki:1.11:rc1 cpe:/a:mediawiki:mediawiki:1.3.4 cpe:/a:mediawiki:mediawiki:1.9.5 cpe:/a:mediawiki:mediawiki:1.9.2 cpe:/a:mediawiki:mediawiki:1.9.1 cpe:/a:mediawiki:mediawiki:1.5:alpha1 cpe:/a:mediawiki:mediawiki:1.10.3 cpe:/a:mediawiki:mediawiki:1.15.3 cpe:/a:mediawiki:mediawiki:1.2.2 cpe:/a:mediawiki:mediawiki:1.7.2 cpe:/a:mediawiki:mediawiki:1.14.0 cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.4.0 cpe:/a:mediawiki:mediawiki:1.4:beta6 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.12.0:rc1 cpe:/a:mediawiki:mediawiki:1.13.3 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.10.1 cpe:/a:mediawiki:mediawiki:1.13.0:rc1 cpe:/a:mediawiki:mediawiki:1.11 cpe:/a:mediawiki:mediawiki:1.10.0:rc1 cpe:/a:mediawiki:mediawiki:1.4:beta5 cpe:/a:mediawiki:mediawiki:1.16.0:beta1 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.5:beta2 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.15.1 cpe:/a:mediawiki:mediawiki:stable_2003-11-07 cpe:/a:mediawiki:mediawiki:1.12.3 cpe:/a:mediawiki:mediawiki:1.3.15 cpe:/a:mediawiki:mediawiki:1.3.13 cpe:/a:mediawiki:mediawiki:1.5:rc3 cpe:/a:mediawiki:mediawiki:1.5.4 cpe:/a:mediawiki:mediawiki:1.13.0 cpe:/a:mediawiki:mediawiki:1.5.8 cpe:/a:mediawiki:mediawiki:1.5.5 cpe:/a:mediawiki:mediawiki:1.3.12 cpe:/a:mediawiki:mediawiki:1.14.1 cpe:/a:mediawiki:mediawiki:1.4.4 cpe:/a:mediawiki:mediawiki:1.5.3 cpe:/a:mediawiki:mediawiki:1.5:alpha2

CVE-2011-0003

2011-01-10T22:00:05.017-05:00

2011-09-06T23:13:39.817-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-11T14:22:00.000-05:00

MLIST [MediaWiki-announce] 20110104 MediaWiki security release 1.16.1 CONFIRM https://bugzilla.wikimedia.org/show_bug.cgi?id=26561 XF mediawiki-frames-clickjacking(64476) VUPEN ADV-2011-0017 OSVDB 70272 MLIST [oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki MLIST [oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki SECUNIA 42810 FEDORA FEDORA-2011-5807 FEDORA FEDORA-2011-5812 FEDORA FEDORA-2011-5848 MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

cpe:/a:piwik:piwik:0.2.4 cpe:/a:piwik:piwik:0.2.31 cpe:/a:piwik:piwik:0.9 cpe:/a:piwik:piwik:0.1.9 cpe:/a:piwik:piwik:0.4.1 cpe:/a:piwik:piwik:0.1.3 cpe:/a:piwik:piwik:0.2.8 cpe:/a:piwik:piwik:0.1.5 cpe:/a:piwik:piwik:0.5.3 cpe:/a:piwik:piwik:0.6.3 cpe:/a:piwik:piwik:0.2.35 cpe:/a:piwik:piwik:0.2.37 cpe:/a:piwik:piwik:0.2.14 cpe:/a:piwik:piwik:0.8 cpe:/a:piwik:piwik:0.2.20 cpe:/a:piwik:piwik:0.2.9 cpe:/a:piwik:piwik:0.5.2 cpe:/a:piwik:piwik:0.2.29 cpe:/a:piwik:piwik:0.2.23 cpe:/a:piwik:piwik:0.2.36 cpe:/a:piwik:piwik:0.7 cpe:/a:piwik:piwik:0.2.2 cpe:/a:piwik:piwik:0.1.8 cpe:/a:piwik:piwik:0.1.4 cpe:/a:piwik:piwik:0.6.3:rc1 cpe:/a:piwik:piwik:0.6.4 cpe:/a:piwik:piwik:0.2.27 cpe:/a:piwik:piwik:0.2.25 cpe:/a:piwik:piwik:0.2.12 cpe:/a:piwik:piwik:0.4.1:rc1 cpe:/a:piwik:piwik:0.1.2 cpe:/a:piwik:piwik:0.2.24 cpe:/a:piwik:piwik:0.2.11 cpe:/a:piwik:piwik:0.4.3 cpe:/a:piwik:piwik:0.2.19 cpe:/a:piwik:piwik:0.1.10 cpe:/a:piwik:piwik:0.5.5 cpe:/a:piwik:piwik:0.2.7 cpe:/a:piwik:piwik:0.2.10 cpe:/a:piwik:piwik:0.4:rc1 cpe:/a:piwik:piwik:0.1 cpe:/a:piwik:piwik:0.6.3:rc2 cpe:/a:piwik:piwik:0.1.7 cpe:/a:piwik:piwik:0.2.30 cpe:/a:piwik:piwik:0.2.16 cpe:/a:piwik:piwik:0.1.1 cpe:/a:piwik:piwik:0.2.6 cpe:/a:piwik:piwik:0.6 cpe:/a:piwik:piwik:0.2.17 cpe:/a:piwik:piwik:0.2.3 cpe:/a:piwik:piwik:0.2.33 cpe:/a:piwik:piwik:0.4.2 cpe:/a:piwik:piwik:0.5 cpe:/a:piwik:piwik:0.2.22 cpe:/a:piwik:piwik:0.4:rc3 cpe:/a:piwik:piwik:0.1.6 cpe:/a:piwik:piwik:1.0 cpe:/a:piwik:piwik:0.5.4 cpe:/a:piwik:piwik:0.2.32 cpe:/a:piwik:piwik:0.2.18 cpe:/a:piwik:piwik:0.4 cpe:/a:piwik:piwik:0.2.34 cpe:/a:piwik:piwik:0.5.1 cpe:/a:piwik:piwik:0.6.1 cpe:/a:piwik:piwik:0.6.2 cpe:/a:piwik:piwik:0.2.1 cpe:/a:piwik:piwik:0.2.13 cpe:/a:piwik:piwik:0.4.4 cpe:/a:piwik:piwik:0.2.26 cpe:/a:piwik:piwik:0.4:rc2 cpe:/a:piwik:piwik:0.2.28 cpe:/a:piwik:piwik:0.4.5 cpe:/a:piwik:piwik:0.9.9 cpe:/a:piwik:piwik:0.2.5

CVE-2011-0004

2011-01-10T15:00:17.000-05:00

2011-02-25T01:58:20.407-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-11T08:25:00.000-05:00

CONFIRM http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/ CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/ CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ MLIST [oss-security] 20110106 Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 MLIST [oss-security] 20110105 CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 VUPEN ADV-2011-0013 BID 45659 SECUNIA 42809 OSVDB 70310 Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:joomla:com_search

CVE-2011-0005

2011-01-10T22:00:05.297-05:00

2011-01-19T02:02:41.397-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-11T11:43:00.000-05:00

MISC http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting XF joomla-ordering-xss(64539) BID 45679 BUGTRAQ 20110107 Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability BUGTRAQ 20110105 Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability MISC http://packetstormsecurity.org/files/view/97273/joomla1015-xss.txt OSVDB 70369 Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.

cpe:/o:linux:linux_kernel:2.6.36.4 cpe:/o:linux:linux_kernel:2.6.36.3 cpe:/o:linux:linux_kernel:2.6.36.1 cpe:/o:linux:linux_kernel:2.6.36.2

CVE-2011-0006

2012-06-21T19:55:01.787-04:00

2012-06-26T00:00:00.000-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2012-06-22T11:22:00.000-04:00

CONFIRM https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=867c20265459d30a01b021a9c1e81fb4c5832aa9 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=667912 MLIST [oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28] CONFIRM http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

cpe:/a:troglobit:pimd:2.1.5

CVE-2011-0007

2011-01-10T22:00:05.360-05:00

2011-01-20T01:46:47.580-05:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-01-11T14:35:00.000-05:00

MLIST [oss-security] 20110107 CVE Request - pimd - Insecure file creation in /var/tmp XF pimd-pimd-symlink(64528) VUPEN ADV-2011-0113 BID 45715 OSVDB 70305 MLIST [oss-security] 20110107 Re: CVE Request - pimd - Insecure file creation in /var/tmp DEBIAN DSA-2147 SECUNIA 42793 SECUNIA 42759 pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.

cpe:/a:todd_miller:sudo:1.6.5 cpe:/a:todd_miller:sudo:1.6.9 cpe:/a:todd_miller:sudo:1.6.9p13 cpe:/a:todd_miller:sudo:1.6.9p1 cpe:/a:todd_miller:sudo:1.6.4p1 cpe:/a:todd_miller:sudo:1.6.6 cpe:/a:todd_miller:sudo:1.6.7p5 cpe:/a:todd_miller:sudo:1.6.9_p22 cpe:/a:todd_miller:sudo:1.6.9p8 cpe:/a:todd_miller:sudo:1.5.2 cpe:/a:todd_miller:sudo:1.6.3_p3 cpe:/a:todd_miller:sudo:1.6.8p6 cpe:/a:todd_miller:sudo:1.7.0 cpe:/a:todd_miller:sudo:1.6.4_p1 cpe:/a:todd_miller:sudo:1.6.3p4 cpe:/a:todd_miller:sudo:1.5.9 cpe:/a:todd_miller:sudo:1.6.4p2 cpe:/a:todd_miller:sudo:1.6.8_p7 cpe:/a:todd_miller:sudo:1.6.9p16 cpe:/a:todd_miller:sudo:1.6.9_p18 cpe:/a:todd_miller:sudo:1.7.4p2 cpe:/a:todd_miller:sudo:1.6.9p21 cpe:/a:todd_miller:sudo:1.7.2p1 cpe:/a:todd_miller:sudo:1.6.8_p12 cpe:/a:todd_miller:sudo:1.6.4 cpe:/a:todd_miller:sudo:1.6.8_p1 cpe:/a:todd_miller:sudo:1.6.3_p4 cpe:/a:todd_miller:sudo:1.6.7p3 cpe:/a:todd_miller:sudo:1.6.7_p5 cpe:/a:todd_miller:sudo:1.6.8p10 cpe:/a:todd_miller:sudo:1.7.2p4 cpe:/a:todd_miller:sudo:1.6.3_p6 cpe:/a:todd_miller:sudo:1.6.9p15 cpe:/a:todd_miller:sudo:1.7.2p5 cpe:/a:todd_miller:sudo:1.7.2p7 cpe:/a:todd_miller:sudo:1.7.1 cpe:/a:todd_miller:sudo:1.6.8p5 cpe:/a:todd_miller:sudo:1.7.4p3 cpe:/a:todd_miller:sudo:1.7.4p1 cpe:/a:todd_miller:sudo:1.6.8p1 cpe:/a:todd_miller:sudo:1.6.9p20 cpe:/a:todd_miller:sudo:1.7.3b1 cpe:/a:todd_miller:sudo:1.6.3 cpe:/a:todd_miller:sudo:1.6.5p1 cpe:/a:todd_miller:sudo:1.6.9p11 cpe:/a:todd_miller:sudo:1.6.8_p2 cpe:/a:todd_miller:sudo:1.6.9p14 cpe:/a:todd_miller:sudo:1.6.3p2 cpe:/a:todd_miller:sudo:1.7.2p6 cpe:/a:todd_miller:sudo:1.6.8p12 cpe:/a:todd_miller:sudo:1.6.3_p1 cpe:/a:todd_miller:sudo:1.7.4p5 cpe:/a:todd_miller:sudo:1.6.2 cpe:/a:todd_miller:sudo:1.6.9p18 cpe:/a:todd_miller:sudo:1.6.7p2 cpe:/a:todd_miller:sudo:1.7.4p4 cpe:/a:todd_miller:sudo:1.6.9p6 cpe:/a:todd_miller:sudo:1.6 cpe:/a:todd_miller:sudo:1.5 cpe:/a:todd_miller:sudo:1.6.8p9 cpe:/a:todd_miller:sudo:1.6.2p2 cpe:/a:todd_miller:sudo:1.6.5_p1 cpe:/a:todd_miller:sudo:1.6.3_p2 cpe:/a:todd_miller:sudo:1.6.9p17 cpe:/a:todd_miller:sudo:1.6.9_p21 cpe:/a:todd_miller:sudo:1.6.9p3 cpe:/a:todd_miller:sudo:1.7.4 cpe:/a:todd_miller:sudo:1.6.8_p5 cpe:/a:todd_miller:sudo:1.3.1 cpe:/a:todd_miller:sudo:1.6.3_p5 cpe:/a:todd_miller:sudo:1.6.9p22 cpe:/a:todd_miller:sudo:1.6.8 cpe:/a:todd_miller:sudo:1.5.8 cpe:/a:todd_miller:sudo:1.6.8p3 cpe:/a:todd_miller:sudo:1.6.3p3 cpe:/a:todd_miller:sudo:1.7.2 cpe:/a:todd_miller:sudo:1.6.8_p8 cpe:/a:todd_miller:sudo:1.6.9p7 cpe:/a:todd_miller:sudo:1.7.2p2 cpe:/a:todd_miller:sudo:1.6.7p1 cpe:/a:todd_miller:sudo:1.6.3p7 cpe:/a:todd_miller:sudo:1.6.7p4 cpe:/a:todd_miller:sudo:1.6.3p5 cpe:/a:todd_miller:sudo:1.6.2p3 cpe:/a:todd_miller:sudo:1.6.4_p2 cpe:/a:todd_miller:sudo:1.6.3p6 cpe:/a:todd_miller:sudo:1.6.5_p2 cpe:/a:todd_miller:sudo:1.6.9p23 cpe:/a:todd_miller:sudo:1.6.9p19 cpe:/a:todd_miller:sudo:1.6.9_p17 cpe:/a:todd_miller:sudo:1.6.8p7 cpe:/a:todd_miller:sudo:1.5.7 cpe:/a:todd_miller:sudo:1.6.8p8 cpe:/a:todd_miller:sudo:1.6.3_p7 cpe:/a:todd_miller:sudo:1.6.9p2 cpe:/a:todd_miller:sudo:1.6.9p4 cpe:/a:todd_miller:sudo:1.6.8p2 cpe:/a:todd_miller:sudo:1.5.3 cpe:/a:todd_miller:sudo:1.6.9p5 cpe:/a:todd_miller:sudo:1.6.2p1 cpe:/a:todd_miller:sudo:1.6.8p4 cpe:/a:todd_miller:sudo:1.6.9p9 cpe:/a:todd_miller:sudo:1.6.9p12 cpe:/a:todd_miller:sudo:1.6.8_p9 cpe:/a:todd_miller:sudo:1.6.1 cpe:/a:todd_miller:sudo:1.5.6 cpe:/a:todd_miller:sudo:1.6.3p1 cpe:/a:todd_miller:sudo:1.6.9p10 cpe:/a:todd_miller:sudo:1.7.2p3 cpe:/a:todd_miller:sudo:1.6.9_p19 cpe:/a:todd_miller:sudo:1.6.7 cpe:/a:todd_miller:sudo:1.6.5p2 cpe:/a:todd_miller:sudo:1.6.8p11 cpe:/a:todd_miller:sudo:1.6.9_p20

CVE-2011-0008

2011-01-20T14:00:07.443-05:00

2011-02-04T01:50:11.650-05:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-01-21T12:54:00.000-05:00

ALLOWS_ADMIN_ACCESS

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=668843 XF sudo-parse-privilege-escalation(64965) VUPEN ADV-2011-0199 VUPEN ADV-2011-0195 MANDRIVA MDVSA-2011:018 SECUNIA 42968 FEDORA FEDORA-2011-0455 FEDORA FEDORA-2011-0470 A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

cpe:/a:bestpractical:rt:3.2.3:rc1 cpe:/a:bestpractical:rt:3.4.0:rc3 cpe:/a:bestpractical:rt:3.4.6:rc2 cpe:/a:bestpractical:rt:3.5.1 cpe:/a:bestpractical:rt:3.0.10 cpe:/a:bestpractical:rt:3.8.5 cpe:/a:bestpractical:rt:3.6.3:rc2 cpe:/a:bestpractical:rt:3.6.1:pre2 cpe:/a:bestpractical:rt:3.8.2 cpe:/a:bestpractical:rt:3.4.0:rc1 cpe:/a:bestpractical:rt:3.2.1:rc1 cpe:/a:bestpractical:rt:3.6.5 cpe:/a:bestpractical:rt:3.6.1 cpe:/a:bestpractical:rt:3.6.3 cpe:/a:bestpractical:rt:3.6.9 cpe:/a:bestpractical:rt:3.4.6 cpe:/a:bestpractical:rt:3.8.1:rc1 cpe:/a:bestpractical:rt:3.8.0:rc1 cpe:/a:bestpractical:rt:3.0.12 cpe:/a:bestpractical:rt:3.2.0:rc4 cpe:/a:bestpractical:rt:3.8.6 cpe:/a:bestpractical:rt:3.2.0 cpe:/a:bestpractical:rt:3.6.4:rc1 cpe:/a:bestpractical:rt:3.7.86 cpe:/a:bestpractical:rt:3.4.3:rc2 cpe:/a:bestpractical:rt:3.7.85 cpe:/a:bestpractical:rt:3.4.2 cpe:/a:bestpractical:rt:3.8.3 cpe:/a:bestpractical:rt:3.0.1 cpe:/a:bestpractical:rt:3.1.11 cpe:/a:bestpractical:rt:3.6.3:rc3 cpe:/a:bestpractical:rt:3.6.2:rc1 cpe:/a:bestpractical:rt:3.1.14 cpe:/a:bestpractical:rt:3.8.1:rc4 cpe:/a:bestpractical:rt:3.8.8:rc4 cpe:/a:bestpractical:rt:3.2.1 cpe:/a:bestpractical:rt:3.5.3 cpe:/a:bestpractical:rt:3.0.2 cpe:/a:bestpractical:rt:3.6.0:pre0 cpe:/a:bestpractical:rt:3.8.8:rc3 cpe:/a:bestpractical:rt:3.6.4 cpe:/a:bestpractical:rt:3.7.1 cpe:/a:bestpractical:rt:3.8.2:rc1 cpe:/a:bestpractical:rt:3.0.8 cpe:/a:bestpractical:rt:3.6.0:pre1 cpe:/a:bestpractical:rt:3.6.6:rc2 cpe:/a:bestpractical:rt:3.0.11:rc4 cpe:/a:bestpractical:rt:3.8.0 cpe:/a:bestpractical:rt:4.0.0:rc3 cpe:/a:bestpractical:rt:3.6.4:rc2 cpe:/a:bestpractical:rt:3.4.5:pre1 cpe:/a:bestpractical:rt:3.6.3:rc4 cpe:/a:bestpractical:rt:3.0.6 cpe:/a:bestpractical:rt:3.0.11:rc3 cpe:/a:bestpractical:rt:3.6.1:rc1 cpe:/a:bestpractical:rt:3.0.10:pre2 cpe:/a:bestpractical:rt:3.4.5:rc2 cpe:/a:bestpractical:rt:3.2.3 cpe:/a:bestpractical:rt:3.2.1:rc3 cpe:/a:bestpractical:rt:3.0.10:rc1 cpe:/a:bestpractical:rt:3.0.10:pre1 cpe:/a:bestpractical:rt:3.8.7:rc1 cpe:/a:bestpractical:rt:3.6.0:rc3 cpe:/a:bestpractical:rt:3.4.0:rc5 cpe:/a:bestpractical:rt:3.2.1:rc4 cpe:/a:bestpractical:rt:4.0.0:rc2 cpe:/a:bestpractical:rt:3.0.11:rc2 cpe:/a:bestpractical:rt:3.8.1:rc5 cpe:/a:bestpractical:rt:3.0.5 cpe:/a:bestpractical:rt:4.0.0:rc1 cpe:/a:bestpractical:rt:3.4.2:rc1 cpe:/a:bestpractical:rt:3.6.2:rc4 cpe:/a:bestpractical:rt:3.1.4 cpe:/a:bestpractical:rt:3.2.0:rc1 cpe:/a:bestpractical:rt:3.8.6:rc1 cpe:/a:bestpractical:rt:3.6.1:rc2 cpe:/a:bestpractical:rt:3.1.3 cpe:/a:bestpractical:rt:3.4.3 cpe:/a:bestpractical:rt:3.1.15 cpe:/a:bestpractical:rt:3.6.5:rc1 cpe:/a:bestpractical:rt:3.5.2 cpe:/a:bestpractical:rt:3.2.3:rc2 cpe:/a:bestpractical:rt:3.4.7:rc1 cpe:/a:bestpractical:rt:3.6.0 cpe:/a:bestpractical:rt:3.6.6:rc1 cpe:/a:bestpractical:rt:3.4.2:rc2 cpe:/a:bestpractical:rt:3.2.1:rc2 cpe:/a:bestpractical:rt:3.8.9:rc1 cpe:/a:bestpractical:rt:3.5.5 cpe:/a:bestpractical:rt:3.0.0 cpe:/a:bestpractical:rt:3.4.4:pre1 cpe:/a:bestpractical:rt:3.0.4 cpe:/a:bestpractical:rt:3.7.80 cpe:/a:bestpractical:rt:3.5.7 cpe:/a:bestpractical:rt:3.1.17 cpe:/a:bestpractical:rt:3.0.3 cpe:/a:bestpractical:rt:3.8.0:rc2 cpe:/a:bestpractical:rt:3.6.0:rc1 cpe:/a:bestpractical:rt:3.1.5 cpe:/a:bestpractical:rt:3.6.2:rc5 cpe:/a:bestpractical:rt:3.4.4:pre3 cpe:/a:bestpractical:rt:3.5.4 cpe:/a:bestpractical:rt:3.1.10 cpe:/a:bestpractical:rt:3.2.0:rc3 cpe:/a:bestpractical:rt:3.8.3:rc2 cpe:/a:bestpractical:rt:3.6.6:rc3 cpe:/a:bestpractical:rt:3.2.2:rc1 cpe:/a:bestpractical:rt:3.6.0:rc2 cpe:/a:bestpractical:rt:3.8.3:rc1 cpe:/a:bestpractical:rt:3.4.3:rc1 cpe:/a:bestpractical:rt:3.1.13 cpe:/a:bestpractical:rt:3.1.2 cpe:/a:bestpractical:rt:3.0.9 cpe:/a:bestpractical:rt:3.4.5 cpe:/a:bestpractical:rt:3.6.7 cpe:/a:bestpractical:rt:3.4.0:rc4 cpe:/a:bestpractical:rt:3.8.4 cpe:/a:bestpractical:rt:3.6.2 cpe:/a:bestpractical:rt:3.1.12 cpe:/a:bestpractical:rt:3.1.6 cpe:/a:bestpractical:rt:3.8.2:rc2 cpe:/a:bestpractical:rt:3.8.8:rc2 cpe:/a:bestpractical:rt:3.5.6 cpe:/a:bestpractical:rt:3.0.7 cpe:/a:bestpractical:rt:3.4.0:rc6 cpe:/a:bestpractical:rt:3.4.5:rc1 cpe:/a:bestpractical:rt:3.7.5 cpe:/a:bestpractical:rt:3.6.3:rc1 cpe:/a:bestpractical:rt:3.6.2:rc3 cpe:/a:bestpractical:rt:3.8.4:rc1 cpe:/a:bestpractical:rt:3.4.1 cpe:/a:bestpractical:rt:3.4.0 cpe:/a:bestpractical:rt:3.2.0:rc2 cpe:/a:bestpractical:rt:3.1.8 cpe:/a:bestpractical:rt:3.4.4 cpe:/a:bestpractical:rt:3.4.6:rc1 cpe:/a:bestpractical:rt:3.1.7 cpe:/a:bestpractical:rt:3.2.2 cpe:/a:bestpractical:rt:3.8.1 cpe:/a:bestpractical:rt:3.0.7.1 cpe:/a:bestpractical:rt:3.8.1:rc3 cpe:/a:bestpractical:rt:3.8.1:rc2 cpe:/a:bestpractical:rt:3.4.0:rc2 cpe:/a:bestpractical:rt:3.8.0:rc3 cpe:/a:bestpractical:rt:3.6.5:rc2 cpe:/a:bestpractical:rt:3.0.11 cpe:/a:bestpractical:rt:3.1.16 cpe:/a:bestpractical:rt:3.4.4:pre2 cpe:/a:bestpractical:rt:3.6.8 cpe:/a:bestpractical:rt:3.6.6

CVE-2011-0009

2011-01-25T14:00:03.810-05:00

2011-07-20T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-25T15:29:00.000-05:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=672250 MLIST [rt-announce] 20110119 Security vulnerability in RT 3.0 and up CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 VUPEN ADV-2011-0576 VUPEN ADV-2011-0475 VUPEN ADV-2011-0190 BID 45959 DEBIAN DSA-2150 SECUNIA 43438 OSVDB 70661 FEDORA FEDORA-2011-1677 Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

cpe:/a:todd_miller:sudo:1.7.4p4 cpe:/a:todd_miller:sudo:1.7.3b1 cpe:/a:todd_miller:sudo:1.7.4p2 cpe:/a:todd_miller:sudo:1.7.2 cpe:/a:todd_miller:sudo:1.7.2p3 cpe:/a:todd_miller:sudo:1.7.2p1 cpe:/a:todd_miller:sudo:1.7.2p4 cpe:/a:todd_miller:sudo:1.7.2p5 cpe:/a:todd_miller:sudo:1.7.2p2 cpe:/a:todd_miller:sudo:1.7.2p7 cpe:/a:todd_miller:sudo:1.7.2p6 cpe:/a:todd_miller:sudo:1.7.0 cpe:/a:todd_miller:sudo:1.7.1 cpe:/a:todd_miller:sudo:1.7.4p3 cpe:/a:todd_miller:sudo:1.7.4p1 cpe:/a:todd_miller:sudo:1.7.4

CVE-2011-0010

2011-01-18T13:03:08.267-05:00

2011-08-26T23:46:25.827-04:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-01-19T08:53:00.000-05:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=668879 CONFIRM http://www.sudo.ws/repos/sudo/rev/fe8a94f96542 MISC http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e MLIST [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes MLIST [oss-security] 20110111 CVE request: sudo does not ask for password on GID changes XF sudo-groupid-privilege-escalation(64636) VUPEN ADV-2011-0362 VUPEN ADV-2011-0212 VUPEN ADV-2011-0199 VUPEN ADV-2011-0195 VUPEN ADV-2011-0182 VUPEN ADV-2011-0089 UBUNTU USN-1046-1 CONFIRM http://www.sudo.ws/sudo/alerts/runas_group_pw.html BID 45774 REDHAT RHSA-2011:0599 OSVDB 70400 MANDRIVA MDVSA-2011:018 SLACKWARE SSA:2011-041-05 SECUNIA 43282 SECUNIA 43068 SECUNIA 42968 SECUNIA 42949 SECUNIA 42886 MLIST [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes SUSE SUSE-SR:2011:002 FEDORA FEDORA-2011-0455 FEDORA FEDORA-2011-0470 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641 check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

cpe:/a:qemu:qemu:0.1.3 cpe:/a:qemu:qemu:0.10.1 cpe:/a:qemu:qemu:0.10.0 cpe:/a:qemu:qemu:0.1.4 cpe:/a:qemu:qemu:0.1 cpe:/a:qemu:qemu:0.10.5 cpe:/a:qemu:qemu:0.11.0:rc2 cpe:/a:qemu:qemu:0.1.5 cpe:/a:qemu:qemu:0.1.2 cpe:/a:qemu:qemu:0.10.2 cpe:/a:qemu:qemu:0.11.0:rc1 cpe:/a:qemu:qemu:0.11.0:rc0 cpe:/a:qemu:qemu:0.10.6 cpe:/a:qemu:qemu:0.1.6 cpe:/a:qemu:qemu:0.1.1 cpe:/a:qemu:qemu:0.10.4 cpe:/a:qemu:qemu:0.10.3

CVE-2011-0011

2012-06-21T11:55:05.863-04:00

2012-06-21T00:00:00.000-04:00

4.3

ADJACENT_NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

2012-06-21T15:23:00.000-04:00

MISC https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 XF qemu-vnc-security-bypass(65215) OSVDB 70992 MLIST [oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication MLIST [oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication MLIST [oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication UBUNTU USN-1063-1 SECUNIA 44393 SECUNIA 43733 SECUNIA 43272 SECUNIA 42830 REDHAT RHSA-2011:0345 qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

cpe:/a:redhat:spice-xpi:2.3 cpe:/a:redhat:spice-xpi:2.2 cpe:/a:redhat:spice-xpi:2.4

CVE-2011-0012

2011-04-18T13:55:00.937-04:00

2011-04-18T00:00:00.000-04:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-04-18T14:22:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=639869 VUPEN ADV-2011-0899 SECTRACK 1025304 BID 47269 REDHAT RHSA-2011:0426 The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:6.0.16 cpe:/a:apache:tomcat:6.0 cpe:/a:apache:tomcat:6.0.19 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:5.5.31 cpe:/a:apache:tomcat:6.0.18 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:6.0.29 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:7.0.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:7.0.3 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:7.0.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:6.0.17 cpe:/a:apache:tomcat:7.0.5 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:6.0.28 cpe:/a:apache:tomcat:7.0.0 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.28 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:7.0.2 cpe:/a:apache:tomcat:6.0.26 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:6.0.24 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.27 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:5.5.29 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.30 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.20

CVE-2011-0013

2011-02-18T20:00:01.557-05:00

2012-11-05T23:52:42.017-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-21T13:37:00.000-05:00

MISC https://bugzilla.redhat.com/show_bug.cgi?id=675786 CONFIRM http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30 CONFIRM http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32 VUPEN ADV-2011-0376 SECTRACK 1025026 BID 46174 BUGTRAQ 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability REDHAT RHSA-2011:1845 REDHAT RHSA-2011:0897 REDHAT RHSA-2011:0896 REDHAT RHSA-2011:0791 MANDRIVA MDVSA-2011:030 DEBIAN DSA-2160 CONFIRM http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011) CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html CONFIRM http://support.apple.com/kb/HT5002 SREASON 8093 SECUNIA 45022 SECUNIA 43192 HP SSRT100627 HP HPSBUX02725 APPLE APPLE-SA-2011-10-12-3 Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

cpe:/a:openssl:openssl:0.9.8m cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8q cpe:/a:openssl:openssl:1.0.0:beta3 cpe:/a:openssl:openssl:1.0.0:beta2 cpe:/a:openssl:openssl:1.0.0a cpe:/a:openssl:openssl:0.9.8l cpe:/a:openssl:openssl:1.0.0:beta5 cpe:/a:openssl:openssl:0.9.8p cpe:/a:openssl:openssl:1.0.0:beta4 cpe:/a:openssl:openssl:1.0.0:beta1 cpe:/a:openssl:openssl:1.0.0c cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8n cpe:/a:openssl:openssl:1.0.0 cpe:/a:openssl:openssl:0.9.8j cpe:/a:openssl:openssl:0.9.8o cpe:/a:openssl:openssl:1.0.0b cpe:/a:openssl:openssl:0.9.8k

CVE-2011-0014

2011-02-18T20:00:01.777-05:00

2011-08-26T23:46:26.263-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-02-21T14:03:00.000-05:00

CONFIRM http://www.openssl.org/news/secadv_20110208.txt VUPEN ADV-2011-0603 VUPEN ADV-2011-0399 VUPEN ADV-2011-0395 VUPEN ADV-2011-0389 VUPEN ADV-2011-0387 VUPEN ADV-2011-0361 UBUNTU USN-1064-1 SECTRACK 1025050 BID 46264 REDHAT RHSA-2011:0677 MANDRIVA MDVSA-2011:028 DEBIAN DSA-2162 CONFIRM http://support.apple.com/kb/HT4723 SLACKWARE SSA:2011-041-04 SECUNIA 44269 SECUNIA 43339 SECUNIA 43301 SECUNIA 43286 SECUNIA 43227 OSVDB 70847 HP HPSBUX02689 HP SSRT100494 FEDORA FEDORA-2011-1273 APPLE APPLE-SA-2011-06-23-1 HP HPSBMA02658 HP SSRT100413 NETBSD NetBSD-SA2011-002 ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

cpe:/a:tor:tor:0.1.2.2 cpe:/a:tor:tor:0.2.2.14:alpha cpe:/a:tor:tor:0.2.2.2:alpha cpe:/a:tor:tor:0.2.0.32:alpha cpe:/a:tor:tor:0.0.2_pre15 cpe:/a:tor:tor:0.2.0.30:alpha cpe:/a:tor:tor:0.1.0.16 cpe:/a:tor:tor:0.2.0.5:alpha cpe:/a:tor:tor:0.0.2_pre17 cpe:/a:tor:tor:0.2.0.31:alpha cpe:/a:tor:tor:0.1.1.9:alpha cpe:/a:tor:tor:0.2.1.3:alpha cpe:/a:tor:tor:0.2.2.3:alpha cpe:/a:tor:tor:0.0.8.1 cpe:/a:tor:tor:0.0.2_pre25 cpe:/a:tor:tor:0.2.2.9:alpha cpe:/a:tor:tor:0.1.2.17 cpe:/a:tor:tor:0.1.1.6 cpe:/a:tor:tor:0.1.0.17 cpe:/a:tor:tor:0.1.0.1 cpe:/a:tor:tor:0.2.1.6:alpha cpe:/a:tor:tor:0.2.0.9:alpha cpe:/a:tor:tor:0.2.2.8:alpha cpe:/a:tor:tor:0.1.1.19 cpe:/a:tor:tor:0.2.0.20:alpha cpe:/a:tor:tor:0.0.2_pre24 cpe:/a:tor:tor:0.2.0.23:alpha cpe:/a:tor:tor:0.0.6.1 cpe:/a:tor:tor:0.1.2.1:alpha-cvs cpe:/a:tor:tor:0.2.1.2:alpha cpe:/a:tor:tor:0.2.2.11:alpha cpe:/a:tor:tor:0.2.2.12:alpha cpe:/a:tor:tor:0.1.1.3:alpha cpe:/a:tor:tor:0.1.1.2 cpe:/a:tor:tor:0.1.0.7 cpe:/a:tor:tor:0.1.0.14 cpe:/a:tor:tor:0.2.1.19 cpe:/a:tor:tor:0.2.1.18 cpe:/a:tor:tor:0.0.2_pre18 cpe:/a:tor:tor:0.2.2.4 cpe:/a:tor:tor:0.2.1.27 cpe:/a:tor:tor:0.2.1.5:alpha cpe:/a:tor:tor:0.2.0.27:alpha cpe:/a:tor:tor:0.1.2.10 cpe:/a:tor:tor:0.2.0.1:alpha cpe:/a:tor:tor:0.1.1.11 cpe:/a:tor:tor:0.2.0.25:alpha cpe:/a:tor:tor:0.1.2.12 cpe:/a:tor:tor:0.1.1.26 cpe:/a:tor:tor:0.1.1.17 cpe:/a:tor:tor:0.1.1.8:alpha cpe:/a:tor:tor:0.2.0.19:alpha cpe:/a:tor:tor:0.2.0.24:alpha cpe:/a:tor:tor:0.0.7.1 cpe:/a:tor:tor:0.2.2.4:alpha cpe:/a:tor:tor:0.2.1.15 cpe:/a:tor:tor:0.0.2_pre22 cpe:/a:tor:tor:0.1.1.8 cpe:/a:tor:tor:0.2.1.8:alpha cpe:/a:tor:tor:0.2.1.23 cpe:/a:tor:tor:0.0.9 cpe:/a:tor:tor:0.1.2.6:alpha cpe:/a:tor:tor:0.2.1.4:alpha cpe:/a:tor:tor:0.1.1.1:alpha cpe:/a:tor:tor:0.1.1.3 cpe:/a:tor:tor:0.2.0.22:alpha cpe:/a:tor:tor:0.1.0.6 cpe:/a:tor:tor:0.2.0.16:alpha cpe:/a:tor:tor:0.1.2.18 cpe:/a:tor:tor:0.2.2.1:alpha cpe:/a:tor:tor:0.0.8 cpe:/a:tor:tor:0.2.2.5 cpe:/a:tor:tor:0.0.2_pre19 cpe:/a:tor:tor:0.1.2.15 cpe:/a:tor:tor:0.2.2.16:alpha cpe:/a:tor:tor:0.0.6 cpe:/a:tor:tor:0.2.0.6:alpha cpe:/a:tor:tor:0.1.1.18 cpe:/a:tor:tor:0.2.1.9:alpha cpe:/a:tor:tor:0.1.1.14 cpe:/a:tor:tor:0.2.0.26:alpha cpe:/a:tor:tor:0.1.0.8 cpe:/a:tor:tor:0.1.1.5 cpe:/a:tor:tor:0.0.9.4 cpe:/a:tor:tor:0.1.1.4:alpha cpe:/a:tor:tor:0.1.1.10:alpha cpe:/a:tor:tor:0.2.0.29 cpe:/a:tor:tor:0.0.5 cpe:/a:tor:tor:0.0.9.10 cpe:/a:tor:tor:0.1.1.15 cpe:/a:tor:tor:0.0.9.8 cpe:/a:tor:tor:0.0.2_pre23 cpe:/a:tor:tor:0.2.0.13:alpha cpe:/a:tor:tor:0.1.1.7:alpha cpe:/a:tor:tor:0.2.2.7:alpha cpe:/a:tor:tor:0.2.2.17:alpha cpe:/a:tor:tor:0.2.0.10:alpha cpe:/a:tor:tor:0.0.9.6 cpe:/a:tor:tor:0.1.1.2:alpha cpe:/a:tor:tor:0.2.1.7:alpha cpe:/a:tor:tor:0.1.0.3 cpe:/a:tor:tor:0.2.1.11:alpha cpe:/a:tor:tor:0.1.1.13 cpe:/a:tor:tor:0.0.9.3 cpe:/a:tor:tor:0.0.2_pre13 cpe:/a:tor:tor:0.2.2.6:alpha cpe:/a:tor:tor:0.0.2_pre20 cpe:/a:tor:tor:0.2.2.3 cpe:/a:tor:tor:0.0.6.2 cpe:/a:tor:tor:0.1.1.1 cpe:/a:tor:tor:0.1.0.5 cpe:/a:tor:tor:0.1.2.9 cpe:/a:tor:tor:0.1.1.9 cpe:/a:tor:tor:0.2.0.34:alpha cpe:/a:tor:tor:0.0.2_pre21 cpe:/a:tor:tor:0.2.1.22 cpe:/a:tor:tor:0.2.2.10:alpha cpe:/a:tor:tor:0.2.2.19:alpha cpe:/a:tor:tor:0.1.2.13 cpe:/a:tor:tor:0.2.1.24 cpe:/a:tor:tor:0.2.0.28:alpha cpe:/a:tor:tor:0.2.0.4:alpha cpe:/a:tor:tor:0.2.2.18:alpha cpe:/a:tor:tor:0.1.1.22 cpe:/a:tor:tor:0.2.0.18:alpha cpe:/a:tor:tor:0.2.1.20 cpe:/a:tor:tor:0.2.0.3:alpha cpe:/a:tor:tor:0.1.0.4 cpe:/a:tor:tor:0.2.0.14:alpha cpe:/a:tor:tor:0.1.2.8:beta cpe:/a:tor:tor:0.2.2.13:alpha cpe:/a:tor:tor:0.1.2.3:alpha cpe:/a:tor:tor:0.1.1 cpe:/a:tor:tor:0.2.2.6 cpe:/a:tor:tor:0.1.1.16 cpe:/a:tor:tor:0.0.9.7 cpe:/a:tor:tor:0.2.0.7:alpha cpe:/a:tor:tor:0.1.0.13 cpe:/a:tor:tor:0.1.1.7 cpe:/a:tor:tor:0.2.0.30 cpe:/a:tor:tor:0.0.7.2 cpe:/a:tor:tor:0.1.1.5:alpha cpe:/a:tor:tor:0.1.0.12 cpe:/a:tor:tor:0.2.1.12 cpe:/a:tor:tor:0.2.0.15:alpha cpe:/a:tor:tor:0.1.0.11 cpe:/a:tor:tor:0.1.2.7:alpha cpe:/a:tor:tor:0.1.1.21 cpe:/a:tor:tor:0.0.2 cpe:/a:tor:tor:0.2.0.2:alpha cpe:/a:tor:tor:0.2.0.11:alpha cpe:/a:tor:tor:0.0.2_pre26 cpe:/a:tor:tor:0.1.2.19 cpe:/a:tor:tor:0.2.0.8:alpha cpe:/a:tor:tor:0.2.1.28 cpe:/a:tor:tor:0.1.1.12 cpe:/a:tor:tor:0.2.1.1:alpha cpe:/a:tor:tor:0.2.2.5:alpha cpe:/a:tor:tor:0.2.0.21:alpha cpe:/a:tor:tor:0.0.2_pre16 cpe:/a:tor:tor:0.1.2.31 cpe:/a:tor:tor:0.1.0.9 cpe:/a:tor:tor:0.2.0.12:alpha cpe:/a:tor:tor:0.1.1.25 cpe:/a:tor:tor:0.2.0.35 cpe:/a:tor:tor:0.1.2.30 cpe:/a:tor:tor:0.1.1.4 cpe:/a:tor:tor:0.1.2.11 cpe:/a:tor:tor:0.2.0.17:alpha cpe:/a:tor:tor:0.2.1.17 cpe:/a:tor:tor:0.1.2.16 cpe:/a:tor:tor:0.1.0.2 cpe:/a:tor:tor:0.2.1.16 cpe:/a:tor:tor:0.0.9.2 cpe:/a:tor:tor:0.2.2.2 cpe:/a:tor:tor:0.0.9.5 cpe:/a:tor:tor:0.2.0.31 cpe:/a:tor:tor:0.0.9.9 cpe:/a:tor:tor:0.2.2.20:alpha cpe:/a:tor:tor:0.2.2.15:alpha cpe:/a:tor:tor:0.0.4 cpe:/a:tor:tor:0.0.2_pre27 cpe:/a:tor:tor:0.1.0.15 cpe:/a:tor:tor:0.0.3 cpe:/a:tor:tor:0.2.1.13 cpe:/a:tor:tor:0.2.0.29:alpha cpe:/a:tor:tor:0.0.9.1 cpe:/a:tor:tor:0.0.7.3 cpe:/a:tor:tor:0.1.2.5 cpe:/a:tor:tor:0.2.1.10:alpha cpe:/a:tor:tor:0.0.2_pre14 cpe:/a:tor:tor:0.1.0.10 cpe:/a:tor:tor:0.1.2.5:alpha cpe:/a:tor:tor:0.2.1.12:alpha cpe:/a:tor:tor:0.2.1.26 cpe:/a:tor:tor:0.2.2.1 cpe:/a:tor:tor:0.1.1.23 cpe:/a:tor:tor:0.2.1.25 cpe:/a:tor:tor:0.2.1.21 cpe:/a:tor:tor:0.1.2.4 cpe:/a:tor:tor:0.1.1.20 cpe:/a:tor:tor:0.2.0.33 cpe:/a:tor:tor:0.2.1.14 cpe:/a:tor:tor:0.0.7 cpe:/a:tor:tor:0.1.1.6:alpha cpe:/a:tor:tor:0.1.2.14 cpe:/a:tor:tor:0.1.1.10

CVE-2011-0015

2011-01-19T07:00:06.623-05:00

2011-07-19T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-01-19T13:20:00.000-05:00

CONFIRM https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog CONFIRM http://blog.torproject.org/blog/tor-02129-released-security-patches MLIST [or-announce] 20110117 Tor 0.2.1.29 is released (security patches) CONFIRM https://trac.torproject.org/projects/tor/ticket/2324 VUPEN ADV-2011-0132 VUPEN ADV-2011-0131 SECTRACK 1024980 BID 45832 MLIST [oss-security] 20110118 Re: CVE request: tor DEBIAN DSA-2148 SECUNIA 42907 SECUNIA 42905 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

CVE-2011-0016

2011-01-19T07:00:19.640-05:00

2011-01-22T00:00:00.000-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-19T13:22:00.000-05:00

CONFIRM http://blog.torproject.org/blog/tor-02129-released-security-patches CONFIRM https://trac.torproject.org/projects/tor/ticket/2385 CONFIRM https://trac.torproject.org/projects/tor/ticket/2384 CONFIRM https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog VUPEN ADV-2011-0132 VUPEN ADV-2011-0131 SECTRACK 1024980 BID 45832 MLIST [oss-security] 20110118 Re: CVE request: tor DEBIAN DSA-2148 SECUNIA 42907 SECUNIA 42905 MLIST [or-announce] 20110117 Tor 0.2.1.29 is released (security patches) Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

cpe:/a:exim:exim:4.53 cpe:/a:exim:exim:4.72 cpe:/a:exim:exim:3.31 cpe:/a:exim:exim:2.12 cpe:/a:exim:exim:2.11 cpe:/a:exim:exim:3.36 cpe:/a:exim:exim:3.03 cpe:/a:exim:exim:4.40 cpe:/a:exim:exim:4.10 cpe:/a:exim:exim:3.34 cpe:/a:exim:exim:4.44 cpe:/a:exim:exim:3.13 cpe:/a:exim:exim:4.05 cpe:/a:exim:exim:3.22 cpe:/a:exim:exim:4.41 cpe:/a:exim:exim:3.02 cpe:/a:exim:exim:4.51 cpe:/a:exim:exim:4.62 cpe:/a:exim:exim:4.61 cpe:/a:exim:exim:4.12 cpe:/a:exim:exim:3.14 cpe:/a:exim:exim:3.11 cpe:/a:exim:exim:4.68 cpe:/a:exim:exim:3.12 cpe:/a:exim:exim:4.02 cpe:/a:exim:exim:4.60 cpe:/a:exim:exim:4.66 cpe:/a:exim:exim:4.33 cpe:/a:exim:exim:3.16 cpe:/a:exim:exim:4.42 cpe:/a:exim:exim:4.50 cpe:/a:exim:exim:3.15 cpe:/a:exim:exim:4.04 cpe:/a:exim:exim:3.10 cpe:/a:exim:exim:4.34 cpe:/a:exim:exim:4.23 cpe:/a:exim:exim:4.70 cpe:/a:exim:exim:4.24 cpe:/a:exim:exim:4.11 cpe:/a:exim:exim:4.22 cpe:/a:exim:exim:4.21 cpe:/a:exim:exim:4.30 cpe:/a:exim:exim:3.01 cpe:/a:exim:exim:4.65 cpe:/a:exim:exim:4.03 cpe:/a:exim:exim:2.10 cpe:/a:exim:exim:4.64 cpe:/a:exim:exim:3.35 cpe:/a:exim:exim:4.63 cpe:/a:exim:exim:3.21 cpe:/a:exim:exim:3.00 cpe:/a:exim:exim:4.43 cpe:/a:exim:exim:3.33 cpe:/a:exim:exim:4.67 cpe:/a:exim:exim:4.32 cpe:/a:exim:exim:4.54 cpe:/a:exim:exim:4.00 cpe:/a:exim:exim:4.52 cpe:/a:exim:exim:4.20 cpe:/a:exim:exim:4.71 cpe:/a:exim:exim:4.01 cpe:/a:exim:exim:4.14 cpe:/a:exim:exim:4.31 cpe:/a:exim:exim:3.32 cpe:/a:exim:exim:3.20 cpe:/a:exim:exim:4.69 cpe:/a:exim:exim:3.30

CVE-2011-0017

2011-02-01T20:00:06.203-05:00

2011-03-01T02:08:05.960-05:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-02T13:50:00.000-05:00

MLIST [exim-announce] 20110125 Exim 4.74 Release XF exim-openlog-privilege-escalation(65028) VUPEN ADV-2011-0464 VUPEN ADV-2011-0364 VUPEN ADV-2011-0245 VUPEN ADV-2011-0224 UBUNTU USN-1060-1 BID 46065 DEBIAN DSA-2154 SECUNIA 43243 SECUNIA 43128 SECUNIA 43101 OSVDB 70696 SUSE SUSE-SR:2011:004 CONFIRM ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74 The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

cpe:/a:openvas:openvas_manager:1.0.1 cpe:/a:openvas:openvas_manager:1.0.3 cpe:/a:openvas:openvas_manager:1.0.2 cpe:/a:openvas:openvas_manager:1.0.0 cpe:/a:openvas:openvas_manager:1.0.0:beta4 cpe:/a:openvas:openvas_manager:2.0:beta2 cpe:/a:openvas:openvas_manager:1.0.0:beta2 cpe:/a:openvas:openvas_manager:1.0.0:beta6 cpe:/a:openvas:openvas_manager:1.0.0:beta7 cpe:/a:openvas:openvas_manager:2.0:rc2 cpe:/a:openvas:openvas_manager:1.0.0:beta1 cpe:/a:openvas:openvas_manager:2.0:rc1 cpe:/a:openvas:openvas_manager:1.0.0:rc1 cpe:/a:openvas:openvas_manager:1.0.0:beta5 cpe:/a:openvas:openvas_manager:2.0:beta1 cpe:/a:openvas:openvas_manager:1.0.0:beta3 cpe:/a:openvas:openvas_manager:2.0:beta3

CVE-2011-0018

2011-01-28T11:00:02.937-05:00

2011-02-05T02:01:22.087-05:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2011-01-28T16:32:00.000-05:00

CONFIRM http://www.openvas.org/OVSA20110118.html XF openvas-email-command-execution(65011) VUPEN ADV-2011-0208 BID 45987 BUGTRAQ 20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection EXPLOIT-DB 16086 SECUNIA 43037 OSVDB 70639 The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).

cpe:/a:fedoraproject:389_directory_server:1.2.7.5 cpe:/a:redhat:directory_server:8.2.3 cpe:/a:redhat:directory_server:8.2

CVE-2011-0019

2011-02-23T14:00:01.670-05:00

2011-03-30T23:28:53.783-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-02-23T14:44:00.000-05:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=670914 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=666076 SECTRACK 1025102 BID 46489 REDHAT RHSA-2011:0293 slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.

cpe:/a:pango:pango:1.4 cpe:/a:pango:pango:1.25 cpe:/a:pango:pango:1.8 cpe:/a:pango:pango:0.20 cpe:/a:pango:pango:1.22 cpe:/a:pango:pango:1.7 cpe:/a:pango:pango:1.28.2 cpe:/a:pango:pango:1.15 cpe:/a:pango:pango:1.1 cpe:/a:pango:pango:1.23 cpe:/a:pango:pango:0.21 cpe:/a:pango:pango:1.28.3 cpe:/a:pango:pango:0.26 cpe:/a:pango:pango:1.26 cpe:/a:pango:pango:0.23 cpe:/a:pango:pango:1.24 cpe:/a:pango:pango:1.5 cpe:/a:pango:pango:1.14 cpe:/a:pango:pango:1.2 cpe:/a:pango:pango:1.21 cpe:/a:pango:pango:1.28.0 cpe:/a:pango:pango:0.22 cpe:/a:pango:pango:1.27 cpe:/a:pango:pango:1.9 cpe:/a:pango:pango:1.3 cpe:/a:pango:pango:1.28.1 cpe:/a:pango:pango:1.19 cpe:/a:pango:pango:1.12 cpe:/a:pango:pango:1.20 cpe:/a:pango:pango:0.25 cpe:/a:pango:pango:1.17 cpe:/a:pango:pango:1.16 cpe:/a:pango:pango:1.10 cpe:/a:pango:pango:0.24 cpe:/a:pango:pango:1.18 cpe:/a:pango:pango:1.0 cpe:/a:pango:pango:1.11 cpe:/a:pango:pango:1.6 cpe:/a:pango:pango:1.13

CVE-2011-0020

2011-01-24T13:00:03.783-05:00

2011-02-04T01:50:12.947-05:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2011-01-25T10:36:00.000-05:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671122 MISC https://bugzilla.gnome.org/show_bug.cgi?id=639882 CONFIRM https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 XF pango-pango-bo(64832) VUPEN ADV-2011-0238 VUPEN ADV-2011-0186 SECTRACK 1024994 BID 45842 REDHAT RHSA-2011:0180 SECUNIA 43100 SECUNIA 42934 OSVDB 70596 MLIST [oss-security] 20110120 Re: CVE request: heap corruption in libpango MLIST [oss-security] 20110118 CVE request: heap corruption in libpango Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

cpe:/a:videolan:vlc_media_player:1.0.2 cpe:/a:videolan:vlc_media_player:1.0.3 cpe:/a:videolan:vlc_media_player:0.1.99i cpe:/a:videolan:vlc_media_player:0.2.71 cpe:/a:videolan:vlc_media_player:0.9.2 cpe:/a:videolan:vlc_media_player:1.0.4 cpe:/a:videolan:vlc_media_player:0.3.0 cpe:/a:videolan:vlc_media_player:0.1.99f cpe:/a:videolan:vlc_media_player:0.8.0 cpe:/a:videolan:vlc_media_player:0.9.6 cpe:/a:videolan:vlc_media_player:0.1.99h cpe:/a:videolan:vlc_media_player:0.2.0 cpe:/a:videolan:vlc_media_player:0.2.63 cpe:/a:videolan:vlc_media_player:0.2.83 cpe:/a:videolan:vlc_media_player:0.4.4 cpe:/a:videolan:vlc_media_player:0.2.81 cpe:/a:videolan:vlc_media_player:0.6.1 cpe:/a:videolan:vlc_media_player:1.1.5 cpe:/a:videolan:vlc_media_player:0.2.60 cpe:/a:videolan:vlc_media_player:0.6.0 cpe:/a:videolan:vlc_media_player:1.0.5 cpe:/a:videolan:vlc_media_player:0.9.5 cpe:/a:videolan:vlc_media_player:0.8.5 cpe:/a:videolan:vlc_media_player:0.5.0 cpe:/a:videolan:vlc_media_player:0.5.2 cpe:/a:videolan:vlc_media_player:0.8.6 cpe:/a:videolan:vlc_media_player:1.0.6 cpe:/a:videolan:vlc_media_player:0.8.1 cpe:/a:videolan:vlc_media_player:0.4.1 cpe:/a:videolan:vlc_media_player:0.2.92 cpe:/a:videolan:vlc_media_player:0.9.10 cpe:/a:videolan:vlc_media_player:0.2.90 cpe:/a:videolan:vlc_media_player:0.9.3 cpe:/a:videolan:vlc_media_player:0.4.2 cpe:/a:videolan:vlc_media_player:0.2.72 cpe:/a:videolan:vlc_media_player:0.8.2 cpe:/a:videolan:vlc_media_player:1.1.1 cpe:/a:videolan:vlc_media_player:0.8.4 cpe:/a:videolan:vlc_media_player:0.2.91 cpe:/a:videolan:vlc_media_player:0.9.8a cpe:/a:videolan:vlc_media_player:0.7.2 cpe:/a:videolan:vlc_media_player:0.6.2 cpe:/a:videolan:vlc_media_player:0.1.99b cpe:/a:videolan:vlc_media_player:0.5.1 cpe:/a:videolan:vlc_media_player:1.1.2 cpe:/a:videolan:vlc_media_player:0.2.70 cpe:/a:videolan:vlc_media_player:1.1.0 cpe:/a:videolan:vlc_media_player:0.5.3 cpe:/a:videolan:vlc_media_player:0.4.5 cpe:/a:videolan:vlc_media_player:1.0.0 cpe:/a:videolan:vlc_media_player:0.4.3 cpe:/a:videolan:vlc_media_player:0.4.6 cpe:/a:videolan:vlc_media_player:0.2.61 cpe:/a:videolan:vlc_media_player:1.1.3 cpe:/a:videolan:vlc_media_player:0.7.0 cpe:/a:videolan:vlc_media_player:1.1.4 cpe:/a:videolan:vlc_media_player:0.4.0 cpe:/a:videolan:vlc_media_player:0.9.4 cpe:/a:videolan:vlc_media_player:0.2.62 cpe:/a:videolan:vlc_media_player:0.1.99g cpe:/a:videolan:vlc_media_player:0.2.82 cpe:/a:videolan:vlc_media_player:0.9.9 cpe:/a:videolan:vlc_media_player:0.2.73 cpe:/a:videolan:vlc_media_player:0.2.80 cpe:/a:videolan:vlc_media_player:1.0.1 cpe:/a:videolan:vlc_media_player:0.1.99e cpe:/a:videolan:vlc_media_player:0.3.1

CVE-2011-0021

2011-01-25T14:00:04.370-05:00

2011-07-18T22:42:39.173-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-01-25T16:27:00.000-05:00

MLIST [oss-security] 20110120 Re: CVE request: heap corruption in VLC media player CONFIRM http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab CONFIRM http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2 XF vlcmediaplayer-cdg-code-execution(64879) VUPEN ADV-2011-0185 BID 45927 MLIST [oss-security] 20110119 CVE request: heap corruption in VLC media player Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

cpe:/a:fedoraproject:389_directory_server:1.2.5:rc4 cpe:/a:fedoraproject:389_directory_server:1.2.6:a4 cpe:/a:fedoraproject:389_directory_server:1.2.7.5 cpe:/a:redhat:directory_server:8.2.3 cpe:/a:fedoraproject:389_directory_server:1.2.6:a3 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc6 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha1 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.2 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha2 cpe:/a:fedoraproject:389_directory_server:1.2.1 cpe:/a:fedoraproject:389_directory_server:1.2.7:alpha3 cpe:/a:fedoraproject:389_directory_server:1.2.3 cpe:/a:fedoraproject:389_directory_server:1.2.6.1 cpe:/a:fedoraproject:389_directory_server:1.2.5 cpe:/a:redhat:directory_server:8.2 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc7 cpe:/a:fedoraproject:389_directory_server:1.2.6:a2 cpe:/a:fedoraproject:389_directory_server:1.2.6

CVE-2011-0022

2011-02-23T14:00:01.813-05:00

2011-03-30T23:28:54.470-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-23T15:11:00.000-05:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671199 SECTRACK 1025102 BID 46489 REDHAT RHSA-2011:0293 The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:1.0.13 cpe:/a:wireshark:wireshark:1.0.16 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.5 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:0.99.4 cpe:/a:wireshark:wireshark:1.0.11 cpe:/a:wireshark:wireshark:1.0.9 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:1.0.6 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.14 cpe:/a:wireshark:wireshark:1.0.8 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.12 cpe:/a:wireshark:wireshark:1.0.15 cpe:/a:wireshark:wireshark:0.99.6 cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:1.0.10 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.7 cpe:/a:wireshark:wireshark:0.99.5 cpe:/a:wireshark:wireshark:0.99.7

CVE-2011-0024

2011-03-28T12:55:03.780-04:00

2011-03-29T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-28T13:54:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671331 VUPEN ADV-2011-0719 REDHAT RHSA-2011:0370 SECUNIA 43821 Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.

cpe:/a:redhat:icedtea:1.8.2 cpe:/a:redhat:icedtea:1.9.3 cpe:/a:redhat:icedtea:1.8.3 cpe:/a:redhat:icedtea:1.9.1 cpe:/a:redhat:icedtea:1.9.2 cpe:/a:redhat:icedtea:1.7 cpe:/a:redhat:icedtea:1.7.5 cpe:/a:redhat:icedtea:1.8.4 cpe:/a:redhat:icedtea:1.7.3 cpe:/a:redhat:icedtea:1.7.2 cpe:/a:redhat:icedtea:1.9 cpe:/a:redhat:icedtea:1.7.6 cpe:/a:redhat:icedtea:1.7.7 cpe:/a:redhat:icedtea:1.7.1 cpe:/a:redhat:icedtea:1.7.4 cpe:/a:redhat:icedtea:1.8 cpe:/a:redhat:icedtea:1.8.1 cpe:/a:redhat:icedtea:1.9.4

CVE-2011-0025

2011-02-04T15:00:02.447-05:00

2011-08-26T23:46:28.357-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-02-07T11:58:00.000-05:00

MISC http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515 CONFIRM http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/ XF icedtea-jar-security-bypass(65151) UBUNTU USN-1055-1 BID 46110 MANDRIVA MDVSA-2011:054 DEBIAN DSA-2224 SECUNIA 43135 IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

cpe:/a:microsoft:windows_data_access_components:6.0 cpe:/a:microsoft:data_access_components:2.8:sp1 cpe:/a:microsoft:data_access_components:2.8:sp2

CVE-2011-0026

2011-01-11T20:00:01.807-05:00

2011-07-18T22:42:39.687-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-01-12T11:33:00.000-05:00

CERT TA11-011A MS MS11-002 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-001/ VUPEN ADV-2011-0075 SECTRACK 1024947 BID 45695 CONFIRM http://support.avaya.com/css/P8/documents/100124846 SECUNIA 42804 OSVDB 70443 Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

cpe:/a:microsoft:windows_data_access_components:6.0 cpe:/a:microsoft:data_access_components:2.8:sp1 cpe:/a:microsoft:data_access_components:2.8:sp2

CVE-2011-0027

2011-01-11T20:00:01.887-05:00

2013-01-21T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-01-12T12:11:00.000-05:00

CERT TA11-011A MS MS11-002 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-002/ VUPEN ADV-2011-0075 SECTRACK 1024947 BID 45698 MISC http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ CONFIRM http://support.avaya.com/css/P8/documents/100124846 SECUNIA 42804 OSVDB 70444 Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0028

2011-04-13T14:55:00.923-04:00

2011-10-04T22:51:10.597-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-04-13T18:47:00.000-04:00

CERT TA11-102A MS MS11-033 WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."

cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/a:microsoft:remote_desktop_connection_client:7.0 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/a:microsoft:remote_desktop_connection_client:6.0 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/a:microsoft:remote_desktop_connection_client:6.1 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/a:microsoft:remote_desktop_connection_client:5.2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2008:::x32

CVE-2011-0029

2011-03-09T18:00:01.793-05:00

2011-10-04T22:51:10.737-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-10T08:51:00.000-05:00

CERT TA11-067A MS MS11-017 VUPEN ADV-2011-0616 SECTRACK 1025172 SECUNIA 43628 OSVDB 71014 Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0030

2011-02-08T20:00:01.367-05:00

2013-02-14T00:00:00.000-05:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

NONE

http://nvd.nist.gov

2011-02-09T09:32:00.000-05:00

MS MS11-010 XF ms-csrss-privilege-escalation(64917) VUPEN ADV-2011-0323 SECTRACK 1025045 SECUNIA 43250 OSVDB 70826 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.

cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_7:-:-:x64

CVE-2011-0031

2011-02-08T20:00:07.977-05:00

2011-07-18T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-09T09:53:00.000-05:00

MS MS11-009 XF ms-win-jscript-info-disclosure(64919) VUPEN ADV-2011-0322 SECTRACK 1025044 BID 46139 SECUNIA 43249 OSVDB 70827 The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."

cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/a:microsoft:windows_media_center_tv_pack cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_vista:::x32 cpe:/o:microsoft:windows_7:-:sp1:x32

CVE-2011-0032

2011-03-09T18:00:01.840-05:00

2011-10-04T22:51:11.097-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-10T09:23:00.000-05:00

CERT TA11-067A MS MS11-015 VUPEN ADV-2011-0615 SECTRACK 1025170 BID 46682 SECUNIA 43626 OSVDB 71015 Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_vista:-:sp1 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_7

CVE-2011-0033

2011-02-10T11:00:13.427-05:00

2011-07-18T22:42:40.923-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-10T13:25:00.000-05:00

MS MS11-007 XF ms-opentype-cff-code-execution(64906) VUPEN ADV-2011-0320 SECTRACK 1025034 BID 46106 CONFIRM http://support.avaya.com/css/P8/documents/100127239 SECUNIA 43252 OSVDB 70821 The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."

cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_7:-:sp1:x32

CVE-2011-0034

2011-04-13T14:55:00.970-04:00

2011-10-04T22:51:11.347-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-04-13T19:01:00.000-04:00

CERT TA11-102A MS MS11-032 Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."

cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:8

CVE-2011-0035

2011-02-10T11:00:13.487-05:00

2011-07-18T22:42:41.220-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-10T13:40:00.000-05:00

MS MS11-003 XF ms-explorer-code-execution(64911) VUPEN ADV-2011-0318 SECTRACK 1025038 BID 46157 CONFIRM http://support.avaya.com/css/P8/documents/100127294 OSVDB 70831 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.

cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:8

CVE-2011-0036

2011-02-10T11:00:13.550-05:00

2011-07-18T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-10T13:54:00.000-05:00

MS MS11-003 XF ms-explorer-code-exec(64912) VUPEN ADV-2011-0318 SECTRACK 1025038 BID 46158 CONFIRM http://support.avaya.com/css/P8/documents/100127294 OSVDB 70832 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, relagted to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.

cpe:/a:microsoft:windows_live_onecare cpe:/a:microsoft:forefront_client_security cpe:/a:microsoft:malicious_software_removal_tool cpe:/a:microsoft:malware_protection_engine:0.1.13.192 cpe:/a:microsoft:windows_defender cpe:/a:microsoft:forefront_endpoint_protection_2010 cpe:/a:microsoft:security_essentials cpe:/a:microsoft:malware_protection_engine:1.1.3520.0 cpe:/a:microsoft:malware_protection_engine:1.1.6502.0

CVE-2011-0037

2011-02-25T13:00:01.213-05:00

2011-04-21T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-02-28T09:02:00.000-05:00

XF ms-malware-engine-priv-esc(65626) VUPEN ADV-2011-0486 BID 46540 CONFIRM http://www.microsoft.com/technet/security/advisory/2491888.mspx SECTRACK 1025117 SECUNIA 43468 Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

cpe:/a:microsoft:ie:8

CVE-2011-0038

2011-02-10T11:00:13.613-05:00

2011-07-20T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-02-10T13:59:00.000-05:00

MS MS11-003 XF ms-ie-dll-code-execution(64913) VUPEN ADV-2011-0318 SECTRACK 1025038 BID 46159 MISC http://www.fortiguard.com/advisory/FGA-2011-04.html CONFIRM http://support.avaya.com/css/P8/documents/100127294 OSVDB 70833 Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

CVE-2011-0039

2011-02-08T20:00:08.070-05:00

2011-07-18T22:42:41.767-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-02-09T10:04:00.000-05:00

MS MS11-014 VUPEN ADV-2011-0327 SECTRACK 1025049 BID 46152 SECUNIA 43253 The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:x64

CVE-2011-0040

2011-02-08T20:00:08.150-05:00

2011-07-18T22:42:41.923-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-02-09T10:16:00.000-05:00

MS MS11-005 XF ms-win-active-directory-dos(64915) VUPEN ADV-2011-0319 SECTRACK 1025042 BID 46145 SECUNIA 43215 OSVDB 70825 The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

cpe:/a:microsoft:office:xp:sp3 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_server_2008:::x32

CVE-2011-0041

2011-04-13T14:55:01.017-04:00

2011-10-04T22:51:12.143-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-04-13T19:13:00.000-04:00

CERT TA11-102A MS MS11-029 Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/a:microsoft:windows_xp_media_center:2005:sp3 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/a:microsoft:windows_media_center_tv_pack cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_vista:::x32 cpe:/o:microsoft:windows_7:-:sp1:x32

CVE-2011-0042

2011-03-09T18:00:01.857-05:00

2011-10-04T22:51:12.287-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-10T10:02:00.000-05:00

CERT TA11-067A MS MS11-015 VUPEN ADV-2011-0615 SECTRACK 1025169 BID 46680 SECUNIA 43626 OSVDB 71016 SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0043

2011-02-10T11:00:13.677-05:00

2011-07-18T22:42:42.390-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-02-10T14:06:00.000-05:00

MS MS11-013 XF ms-kerberos-checksum-privilege-escalation(64900) VUPEN ADV-2011-0326 SECTRACK 1025048 BID 46130 CONFIRM http://support.avaya.com/css/P8/documents/100127250 SECUNIA 43251 OSVDB 70834 Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."

cpe:/o:microsoft:windows_xp::sp3

CVE-2011-0045

2011-02-08T20:00:08.243-05:00

2011-09-21T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-02-09T10:30:00.000-05:00

MS MS11-011 XF ms-win-kernel-privilege-escalation(64926) MISC http://www.zerodayinitiative.com/advisories/ZDI-11-064 VUPEN ADV-2011-0324 SECTRACK 1025046 BID 46136 BUGTRAQ 20110208 ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability CONFIRM http://support.avaya.com/css/P8/documents/100127248 SREASON 8110 OSVDB 70823 The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."

cpe:/a:mozilla:bugzilla:2.23.1 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.14.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.2 cpe:/a:mozilla:bugzilla:2.22.7 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.16.7 cpe:/a:mozilla:bugzilla:3.2:rc2 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.16:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:3.2.4 cpe:/a:mozilla:bugzilla:2.23.2 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:3.6.3 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.6 cpe:/a:mozilla:bugzilla:2.16.4 cpe:/a:mozilla:bugzilla:2.20.7 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:2.0 cpe:/a:mozilla:bugzilla:3.4.5 cpe:/a:mozilla:bugzilla:2.18.6%2B cpe:/a:mozilla:bugzilla:2.16:rc1 cpe:/a:mozilla:bugzilla:3.4.9 cpe:/a:mozilla:bugzilla:3.2.6 cpe:/a:mozilla:bugzilla:3.2.1 cpe:/a:mozilla:bugzilla:3.4.7 cpe:/a:mozilla:bugzilla:2.14 cpe:/a:mozilla:bugzilla:3.2.3 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:3.2:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:4.0 cpe:/a:mozilla:bugzilla:2.16.1 cpe:/a:mozilla:bugzilla:2.12 cpe:/a:mozilla:bugzilla:3.2.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.17.2 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.16 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.23 cpe:/a:mozilla:bugzilla:3.6.0 cpe:/a:mozilla:bugzilla:3.4.4 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.16.8 cpe:/a:mozilla:bugzilla:2.14.4 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.16.2 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.16.5 cpe:/a:mozilla:bugzilla:2.14.5 cpe:/a:mozilla:bugzilla:2.18.7 cpe:/a:mozilla:bugzilla:3.2.8 cpe:/a:mozilla:bugzilla:2.4 cpe:/a:mozilla:bugzilla:3.2.7 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:3.6.1 cpe:/a:mozilla:bugzilla:3.4.1 cpe:/a:mozilla:bugzilla:2.16_rc2 cpe:/a:mozilla:bugzilla:3.2.5 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.10 cpe:/a:mozilla:bugzilla:2.16.10 cpe:/a:mozilla:bugzilla:2.16.11 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:3.4.2 cpe:/a:mozilla:bugzilla:4.0:rc1 cpe:/a:mozilla:bugzilla:2.14.2 cpe:/a:mozilla:bugzilla:2.18.8 cpe:/a:mozilla:bugzilla:2.16.3 cpe:/a:mozilla:bugzilla:2.16.6 cpe:/a:mozilla:bugzilla:3.4.3 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.23.3 cpe:/a:mozilla:bugzilla:3.6.2 cpe:/a:mozilla:bugzilla:2.18.9 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.14.3 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.16.9 cpe:/a:mozilla:bugzilla:3.4.8 cpe:/a:mozilla:bugzilla:2.8 cpe:/a:mozilla:bugzilla:2.23.4 cpe:/a:mozilla:bugzilla:3.2.9 cpe:/a:mozilla:bugzilla:3.4.6 cpe:/a:mozilla:bugzilla:2.9

CVE-2011-0046

2011-01-28T11:00:02.987-05:00

2011-10-25T22:56:01.123-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-01-31T08:50:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621110 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621109 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621108 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621107 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621105 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621090 XF bugzilla-unspec-csrf(65003) VUPEN ADV-2011-0271 VUPEN ADV-2011-0207 BID 45982 DEBIAN DSA-2322 CONFIRM http://www.bugzilla.org/security/3.2.9/ SECUNIA 43165 SECUNIA 43033 OSVDB 70710 OSVDB 70709 OSVDB 70708 OSVDB 70707 OSVDB 70706 OSVDB 70705 FEDORA FEDORA-2011-0755 FEDORA FEDORA-2011-0741 Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

cpe:/a:mediawiki:mediawiki:1.4:beta4 cpe:/a:mediawiki:mediawiki:1.4.6 cpe:/a:mediawiki:mediawiki:1.6.8 cpe:/a:mediawiki:mediawiki:1.4.11 cpe:/a:mediawiki:mediawiki:1.4.2 cpe:/a:mediawiki:mediawiki:1.5:beta3 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.4.3 cpe:/a:mediawiki:mediawiki:1.13.2 cpe:/a:mediawiki:mediawiki:1.4:beta2 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.2.4 cpe:/a:mediawiki:mediawiki:1.4.9 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.4:beta3 cpe:/a:mediawiki:mediawiki:1.4.12 cpe:/a:mediawiki:mediawiki:1.16.1 cpe:/a:mediawiki:mediawiki:1.6.10 cpe:/a:mediawiki:mediawiki:1.3.2 cpe:/a:mediawiki:mediawiki:1.5.7 cpe:/a:mediawiki:mediawiki:1.2.5 cpe:/a:mediawiki:mediawiki:1.15.0 cpe:/a:mediawiki:mediawiki:1.3.0 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.3.6 cpe:/a:mediawiki:mediawiki:1.12.2 cpe:/a:mediawiki:mediawiki:1.12.0 cpe:/a:mediawiki:mediawiki:1.9.4 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.4.7 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.11.0:rc1 cpe:/a:mediawiki:mediawiki:1.3.1 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.2.1 cpe:/a:mediawiki:mediawiki:1.2.0 cpe:/a:mediawiki:mediawiki:1.4.5 cpe:/a:mediawiki:mediawiki:stable_2003-11-17 cpe:/a:mediawiki:mediawiki:1.10.2 cpe:/a:mediawiki:mediawiki:1.14.0:rc1 cpe:/a:mediawiki:mediawiki:1.10.4 cpe:/a:mediawiki:mediawiki:1.9.3 cpe:/a:mediawiki:mediawiki:1.13.1 cpe:/a:mediawiki:mediawiki:1.3.10 cpe:/a:mediawiki:mediawiki:1.4.14 cpe:/a:mediawiki:mediawiki:1.16.0 cpe:/a:mediawiki:mediawiki:1.8.3 cpe:/a:mediawiki:mediawiki:1.7.3 cpe:/a:mediawiki:mediawiki:stable_2003-08-29 cpe:/a:mediawiki:mediawiki:1.5.2 cpe:/a:mediawiki:mediawiki:1.8.4 cpe:/a:mediawiki:mediawiki:1.6.9 cpe:/a:mediawiki:mediawiki:1.3.3 cpe:/a:mediawiki:mediawiki:1.3.7 cpe:/a:mediawiki:mediawiki:1.4.1 cpe:/a:mediawiki:mediawiki:1.13.4 cpe:/a:mediawiki:mediawiki:1.9.0 cpe:/a:mediawiki:mediawiki:1.3.8 cpe:/a:mediawiki:mediawiki:1.5:beta4 cpe:/a:mediawiki:mediawiki:1.10.0 cpe:/a:mediawiki:mediawiki:1.5.6 cpe:/a:mediawiki:mediawiki:1.6.7 cpe:/a:mediawiki:mediawiki:1.11.1 cpe:/a:mediawiki:mediawiki:1.8.5 cpe:/a:mediawiki:mediawiki:1.3.5 cpe:/a:mediawiki:mediawiki:1.15.2 cpe:/a:mediawiki:mediawiki:1.9.6 cpe:/a:mediawiki:mediawiki:1.10.0:rc2 cpe:/a:mediawiki:mediawiki:1.5:beta1 cpe:/a:mediawiki:mediawiki:1.3 cpe:/a:mediawiki:mediawiki:1.12.1 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.3.14 cpe:/a:mediawiki:mediawiki:1.13.0:rc2 cpe:/a:mediawiki:mediawiki:1.12.4 cpe:/a:mediawiki:mediawiki:1.3.11 cpe:/a:mediawiki:mediawiki:1.5:rc4 cpe:/a:mediawiki:mediawiki:1.16.0:beta2 cpe:/a:mediawiki:mediawiki:1.11.0 cpe:/a:mediawiki:mediawiki:1.4.8 cpe:/a:mediawiki:mediawiki:1.5:rc2 cpe:/a:mediawiki:mediawiki:1.1.0 cpe:/a:mediawiki:mediawiki:1.5.1 cpe:/a:mediawiki:mediawiki:1.11.2 cpe:/a:mediawiki:mediawiki:1.15.0:rc1 cpe:/a:mediawiki:mediawiki:1.6.12 cpe:/a:mediawiki:mediawiki:1.4.10 cpe:/a:mediawiki:mediawiki:1.4.13 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.2.3 cpe:/a:mediawiki:mediawiki:1.2.6 cpe:/a:mediawiki:mediawiki:1.4:beta1 cpe:/a:mediawiki:mediawiki:1.5.0 cpe:/a:mediawiki:mediawiki:1.3.9 cpe:/a:mediawiki:mediawiki:1.11:rc1 cpe:/a:mediawiki:mediawiki:1.3.4 cpe:/a:mediawiki:mediawiki:1.9.5 cpe:/a:mediawiki:mediawiki:1.9.2 cpe:/a:mediawiki:mediawiki:1.9.1 cpe:/a:mediawiki:mediawiki:1.5:alpha1 cpe:/a:mediawiki:mediawiki:1.10.3 cpe:/a:mediawiki:mediawiki:1.15.3 cpe:/a:mediawiki:mediawiki:1.2.2 cpe:/a:mediawiki:mediawiki:1.7.2 cpe:/a:mediawiki:mediawiki:1.14.0 cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.4.0 cpe:/a:mediawiki:mediawiki:1.4:beta6 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.12.0:rc1 cpe:/a:mediawiki:mediawiki:1.13.3 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.10.1 cpe:/a:mediawiki:mediawiki:1.13.0:rc1 cpe:/a:mediawiki:mediawiki:1.11 cpe:/a:mediawiki:mediawiki:1.10.0:rc1 cpe:/a:mediawiki:mediawiki:1.4:beta5 cpe:/a:mediawiki:mediawiki:1.16.0:beta1 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.5:beta2 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.15.1 cpe:/a:mediawiki:mediawiki:stable_2003-11-07 cpe:/a:mediawiki:mediawiki:1.12.3 cpe:/a:mediawiki:mediawiki:1.3.15 cpe:/a:mediawiki:mediawiki:1.3.13 cpe:/a:mediawiki:mediawiki:1.5:rc3 cpe:/a:mediawiki:mediawiki:1.5.4 cpe:/a:mediawiki:mediawiki:1.13.0 cpe:/a:mediawiki:mediawiki:1.5.8 cpe:/a:mediawiki:mediawiki:1.5.5 cpe:/a:mediawiki:mediawiki:1.3.12 cpe:/a:mediawiki:mediawiki:1.14.1 cpe:/a:mediawiki:mediawiki:1.4.4 cpe:/a:mediawiki:mediawiki:1.5.3 cpe:/a:mediawiki:mediawiki:1.5:alpha2

CVE-2011-0047

2011-02-03T20:00:05.683-05:00

2011-09-06T23:13:44.737-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-04T12:05:00.000-05:00

MLIST [MediaWiki-announce] 20110201 MediaWiki security release 1.16.2 CONFIRM https://bugzilla.wikimedia.org/show_bug.cgi?id=27093 XF mediawiki-css-comments-xss(65126) VUPEN ADV-2011-0273 BID 46108 SECUNIA 43142 OSVDB 70770 FEDORA FEDORA-2011-5807 FEDORA FEDORA-2011-5812 FEDORA FEDORA-2011-5848 Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

CVE-2011-0048

2011-01-28T11:00:03.030-05:00

2011-10-25T22:56:01.373-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-31T08:55:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=628034 XF bugzilla-url-xss(65005) VUPEN ADV-2011-0271 VUPEN ADV-2011-0207 BID 45982 DEBIAN DSA-2322 CONFIRM http://www.bugzilla.org/security/3.2.9/ SECUNIA 43165 SECUNIA 43033 OSVDB 70704 FEDORA FEDORA-2011-0755 FEDORA FEDORA-2011-0741 Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.

cpe:/a:mj2:majordomo_2:20110115 cpe:/a:mj2:majordomo_2:20110126 cpe:/a:mj2:majordomo_2:20110113 cpe:/a:mj2:majordomo_2:20110109 cpe:/a:mj2:majordomo_2:20110129 cpe:/a:mj2:majordomo_2:20110106 cpe:/a:mj2:majordomo_2:20110128 cpe:/a:mj2:majordomo_2:20110114 cpe:/a:mj2:majordomo_2:20110110 cpe:/a:mj2:majordomo_2:20110119 cpe:/a:mj2:majordomo_2:20110111 cpe:/a:mj2:majordomo_2:20110112 cpe:/a:mj2:majordomo_2:20110108 cpe:/a:mj2:majordomo_2:20110103 cpe:/a:mj2:majordomo_2:20110120 cpe:/a:mj2:majordomo_2:20110122 cpe:/a:mj2:majordomo_2:20110116 cpe:/a:mj2:majordomo_2:20110124 cpe:/a:mj2:majordomo_2:20110102 cpe:/a:mj2:majordomo_2:20110125 cpe:/a:mj2:majordomo_2:20110117 cpe:/a:mj2:majordomo_2:20110118 cpe:/a:mj2:majordomo_2:20110127 cpe:/a:mj2:majordomo_2:20110121 cpe:/a:mj2:majordomo_2:20110104 cpe:/a:mj2:majordomo_2:20110105 cpe:/a:mj2:majordomo_2:20110123 cpe:/a:mj2:majordomo_2:20110130 cpe:/a:mj2:majordomo_2:20110101 cpe:/a:mj2:majordomo_2:20110107

CVE-2011-0049

2011-02-03T20:00:07.400-05:00

2011-09-21T23:27:33.287-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-04T12:18:00.000-05:00

CERT-VN VU#363726 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=628064 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=628064 CONFIRM https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 MISC https://sitewat.ch/en/Advisory/View/1 XF majordomo-listfile-directory-traversal(65113) VUPEN ADV-2011-0288 SECTRACK 1025024 BID 46127 BUGTRAQ 20110203 Majordomo2 - Directory Traversal (SMTP/HTTP) EXPLOIT-DB 16103 SREASON 8061 SECUNIA 43125 OSVDB 70762 Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

cpe:/a:cgiirc:cgi%3Airc:0.5.1 cpe:/a:cgiirc:cgi%3Airc:0.3.3 cpe:/a:cgiirc:cgi%3Airc:0.3.4 cpe:/a:cgiirc:cgi%3Airc:0.3_pre1 cpe:/a:cgiirc:cgi%3Airc:0.3.6 cpe:/a:cgiirc:cgi%3Airc:0.3.1 cpe:/a:cgiirc:cgi%3Airc:0.4.2 cpe:/a:cgiirc:cgi%3Airc:0.3.3_pre1 cpe:/a:cgiirc:cgi%3Airc:0.5.5 cpe:/a:cgiirc:cgi%3Airc:0.4.3 cpe:/a:cgiirc:cgi%3Airc:0.4.1 cpe:/a:cgiirc:cgi%3Airc:0.3.5b cpe:/a:cgiirc:cgi%3Airc:0.2.1 cpe:/a:cgiirc:cgi%3Airc:0.3.5 cpe:/a:cgiirc:cgi%3Airc:0.3_pre2 cpe:/a:cgiirc:cgi%3Airc:0.5.9 cpe:/a:cgiirc:cgi%3Airc:0.5.7 cpe:/a:cgiirc:cgi%3Airc:0.2 cpe:/a:cgiirc:cgi%3Airc:0.1 cpe:/a:cgiirc:cgi%3Airc:0.5.4 cpe:/a:cgiirc:cgi%3Airc:0.4 cpe:/a:cgiirc:cgi%3Airc:0.3 cpe:/a:cgiirc:cgi%3Airc:0.5.3 cpe:/a:cgiirc:cgi%3Airc:0.5.2 cpe:/a:cgiirc:cgi%3Airc:0.5 cpe:/a:cgiirc:cgi%3Airc:0.3.7 cpe:/a:cgiirc:cgi%3Airc:0.5.8 cpe:/a:cgiirc:cgi%3Airc:0.5.6 cpe:/a:cgiirc:cgi%3Airc:0.3.2

CVE-2011-0050

2011-02-18T20:00:01.933-05:00

2011-09-21T23:27:33.443-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-21T14:16:00.000-05:00

VUPEN ADV-2011-0346 BUGTRAQ 20110209 CGI:IRC XSS issue (CVE-2011-0050) DEBIAN DSA-2158 MLIST [cgiirc-general] 20110207 CGI:IRC 0.5.10 released to fix XSS issue (CVE-2011-0050) SREASON 8097 SECUNIA 43217 OSVDB 70844 Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:firefox:3.0.7

CVE-2011-0051

2011-03-02T15:00:01.380-05:00

2012-01-26T22:56:50.203-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-03T09:19:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=616659 REDHAT RHSA-2011:0313 REDHAT RHSA-2011:0312 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-02.html MANDRIVA MDVSA-2011:041 CONFIRM http://support.avaya.com/css/P8/documents/100128655 Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:3.0.7

CVE-2011-0053

2011-03-02T15:00:01.410-05:00

2012-01-26T22:56:50.360-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T09:42:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=614499 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=613376 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=605672 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=602115 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=600974 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=600853 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=596232 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=576649 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=563618 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=563243 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558633 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558541 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558531 BID 46645 REDHAT RHSA-2011:0313 REDHAT RHSA-2011:0312 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-01.html MANDRIVA MDVSA-2011:042 CONFIRM http://support.avaya.com/css/P8/documents/100128655 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-0054

2011-03-02T15:00:01.490-05:00

2012-01-26T22:56:50.517-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T09:52:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=615657 BID 46648 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-04.html MANDRIVA MDVSA-2011:041 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.

CVE-2011-0055

2011-03-02T15:00:01.507-05:00

2012-01-26T00:00:00.000-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T10:03:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=619255 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=616009 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-103/ BID 46661 BUGTRAQ 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-03.html MANDRIVA MDVSA-2011:041 Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.

CVE-2011-0056

2011-03-02T15:00:01.537-05:00

2012-01-26T22:56:50.830-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T10:10:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=622015 BID 46650 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-05.html MANDRIVA MDVSA-2011:041 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.

CVE-2011-0057

2011-03-02T15:00:01.567-05:00

2012-01-26T22:56:51.000-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T10:24:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=626631 BID 46663 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-06.html MANDRIVA MDVSA-2011:041 Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:3.0.7

CVE-2011-0058

2011-03-02T15:00:01.583-05:00

2012-01-26T22:56:51.157-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T10:37:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=607160 BID 46660 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-07.html MANDRIVA MDVSA-2011:041 Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

CVE-2011-0059

2011-03-02T15:00:01.597-05:00

2012-01-26T22:56:51.330-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-03T11:15:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=573873 BID 46652 REDHAT RHSA-2011:0313 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-10.html MANDRIVA MDVSA-2011:041 CONFIRM http://support.avaya.com/css/P8/documents/100128655 Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:thunderbird:3.0

CVE-2011-0061

2011-03-02T15:00:01.613-05:00

2012-01-26T22:56:51.487-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T09:10:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=610601 BID 46651 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-09.html MANDRIVA MDVSA-2011:042 MANDRIVA MDVSA-2011:041 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:firefox:3.6.8

CVE-2011-0062

2011-03-02T15:00:01.630-05:00

2012-01-26T22:56:51.657-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-03T11:21:00.000-05:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=599610 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=569384 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-01.html MANDRIVA MDVSA-2011:042 MANDRIVA MDVSA-2011:041 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

cpe:/a:mj2:majordomo_2:20110115 cpe:/a:mj2:majordomo_2:20110126 cpe:/a:mj2:majordomo_2:20110113 cpe:/a:mj2:majordomo_2:20110109 cpe:/a:mj2:majordomo_2:20110203 cpe:/a:mj2:majordomo_2:20110129 cpe:/a:mj2:majordomo_2:20110106 cpe:/a:mj2:majordomo_2:20110128 cpe:/a:mj2:majordomo_2:20110110 cpe:/a:mj2:majordomo_2:20110114 cpe:/a:mj2:majordomo_2:20110119 cpe:/a:mj2:majordomo_2:20110111 cpe:/a:mj2:majordomo_2:20110112 cpe:/a:mj2:majordomo_2:20110108 cpe:/a:mj2:majordomo_2:20110131 cpe:/a:mj2:majordomo_2:20110103 cpe:/a:mj2:majordomo_2:20110120 cpe:/a:mj2:majordomo_2:20110116 cpe:/a:mj2:majordomo_2:20110122 cpe:/a:mj2:majordomo_2:20110124 cpe:/a:mj2:majordomo_2:20110125 cpe:/a:mj2:majordomo_2:20110102 cpe:/a:mj2:majordomo_2:20110117 cpe:/a:mj2:majordomo_2:20110202 cpe:/a:mj2:majordomo_2:20110118 cpe:/a:mj2:majordomo_2:20110127 cpe:/a:mj2:majordomo_2:20110121 cpe:/a:mj2:majordomo_2:20110104 cpe:/a:mj2:majordomo_2:20110201 cpe:/a:mj2:majordomo_2:20110105 cpe:/a:mj2:majordomo_2:20110130 cpe:/a:mj2:majordomo_2:20110123 cpe:/a:mj2:majordomo_2:20110101 cpe:/a:mj2:majordomo_2:20110107

CVE-2011-0063

2011-03-15T13:55:02.937-04:00

2011-09-21T23:27:34.803-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-15T14:51:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=631307 XF majordomo-listfileget-dir-traversal(66011) BUGTRAQ 20110308 NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) MISC http://sotiriu.de/adv/NSOADV-2011-003.txt SREASON 8133 SECUNIA 43631 The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

cpe:/a:mozilla:firefox cpe:/a:pango:pango:1.28.3

CVE-2011-0064

2011-03-07T16:00:01.330-05:00

2011-03-30T23:29:03.017-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-08T09:25:00.000-05:00

CONFIRM https://build.opensuse.org/request/show/63070 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=678563 CONFIRM http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=672502 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=606997 XF pango-hbbufferensure-bo(65770) VUPEN ADV-2011-0683 VUPEN ADV-2011-0584 VUPEN ADV-2011-0558 VUPEN ADV-2011-0555 VUPEN ADV-2011-0543 UBUNTU USN-1082-1 BID 46632 REDHAT RHSA-2011:0309 MANDRIVA MDVSA-2011:040 DEBIAN DSA-2178 SECTRACK 1025145 SECUNIA 43800 SECUNIA 43578 SECUNIA 43572 SECUNIA 43559 FEDORA FEDORA-2011-3194 The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:firefox:3.0.7

CVE-2011-0065

2011-05-07T14:55:00.997-04:00

2012-01-26T22:56:52.033-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T08:31:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634986 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 SREASON 8340 SREASON 8331 SREASON 8326 Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

CVE-2011-0066

2011-05-07T14:55:01.043-04:00

2012-01-26T22:56:52.470-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T08:46:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634983 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

CVE-2011-0067

2011-05-07T14:55:01.090-04:00

2012-01-26T22:56:56.627-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-05-09T08:53:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=527935 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-14.html MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:firefox:4.0:beta12 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:4.0:beta5 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:firefox:4.0 cpe:/a:mozilla:firefox:4.0:beta11 cpe:/a:mozilla:firefox:4.0:beta3 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:4.0:beta10 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:4.0:beta7 cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:firefox:4.0:beta4 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:4.0:beta2 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:firefox:4.0:beta6 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:firefox:4.0:beta8 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:4.0:beta1 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:firefox:4.0:beta9 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:seamonkey:1.1.4

CVE-2011-0069

2011-05-07T14:55:01.120-04:00

2012-01-26T22:56:56.783-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T09:18:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=644069 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.

CVE-2011-0070

2011-05-07T14:55:01.167-04:00

2012-01-26T22:56:56.937-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T09:36:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=645565 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:3.0.7

CVE-2011-0071

2011-05-07T14:55:01.197-04:00

2012-01-26T22:56:57.097-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-05-09T09:46:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=624764 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-16.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:seamonkey:1.1.4

CVE-2011-0072

2011-05-07T14:55:01.247-04:00

2012-01-26T22:56:57.250-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T10:13:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=624187 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

CVE-2011-0073

2011-05-07T14:55:01.293-04:00

2012-01-26T22:56:57.407-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T10:26:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=630919 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 SREASON 8310 Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:seamonkey:1.1.4

CVE-2011-0074

2011-05-07T14:55:01.323-04:00

2012-01-26T22:56:57.580-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T10:27:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=619021 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:seamonkey:1.1.4

CVE-2011-0075

2011-05-07T14:55:01.357-04:00

2012-01-26T22:56:57.737-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-05-09T10:30:00.000-04:00

CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=635977 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html MANDRIVA MDVSA-2011:080 MANDRIVA MDVSA-2011:079 DEBIAN DSA-2235 DEBIAN DSA-2228 DEBIAN DSA-2227 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.

cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:2.0.0.1