rhsa-2010_0500
Vulnerability from csaf_redhat
Published: 2010-06-22 21:57
Modified: 2024-11-22 03:33
Summary: Red Hat Security Advisory: firefox security, bug fix, and enhancement update
Notes
Topic
An updated firefox package that addresses security issues, fixes bugs, adds
numerous enhancements, and upgrades Firefox to version 3.6.4, is now
available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)

A flaw was found in the way browser plug-ins interact. It was possible for
a plug-in to reference the freed memory from a different plug-in, resulting
in the execution of arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1198)

Several integer overflow flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-1196, CVE-2010-1199)

A focus stealing flaw was found in the way Firefox handled focus changes. A
malicious website could use this flaw to steal sensitive data from a user,
such as usernames and passwords. (CVE-2010-1125)

A flaw was found in the way Firefox handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. A website that allows arbitrary uploads and relies on the
"Content-Disposition: attachment" HTTP header to prevent content from being
displayed inline, could be used by an attacker to serve malicious content
to users. (CVE-2010-1197)

A flaw was found in the Firefox Math.random() function. This function could
be used to identify a browsing session and track a user across different
websites. (CVE-2008-5913)

A flaw was found in the Firefox XML document loading security checks.
Certain security checks were not being called when an XML document was
loaded. This could possibly be leveraged later by an attacker to load
certain resources that violate the security policies of the browser or its
add-ons. Note that this issue cannot be exploited by only loading an XML
document. (CVE-2010-0182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories
in the References section of this erratum.

This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as
such, contains multiple bug fixes and numerous enhancements. Space
precludes documenting these changes in this advisory. For details
concerning these changes, refer to the Firefox Release Notes links in the
References section of this erratum.

Important: Firefox 3.6.4 is not completely backwards-compatible with all
Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
Firefox 3.6 checks compatibility on first-launch, and, depending on the
individual configuration and the installed Add-ons and plug-ins, may
disable said Add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to this updated package, which contains
Firefox version 3.6.4. After installing the update, Firefox must be
restarted for the changes to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated firefox package that addresses security issues, fixes bugs, adds\nnumerous enhancements, and upgrades Firefox to version 3.6.4, is now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Mozilla Firefox is an open source web browser.\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)\n\nA flaw was found in the way browser plug-ins interact. It was possible for\na plug-in to reference the freed memory from a different plug-in, resulting\nin the execution of arbitrary code with the privileges of the user running\nFirefox. (CVE-2010-1198)\n\nSeveral integer overflow flaws were found in the processing of malformed\nweb content. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2010-1196, CVE-2010-1199)\n\nA focus stealing flaw was found in the way Firefox handled focus changes. A\nmalicious website could use this flaw to steal sensitive data from a user,\nsuch as usernames and passwords. 
(CVE-2010-1125)\n\nA flaw was found in the way Firefox handled the \"Content-Disposition:\nattachment\" HTTP header when the \"Content-Type: multipart\" HTTP header was\nalso present. A website that allows arbitrary uploads and relies on the\n\"Content-Disposition: attachment\" HTTP header to prevent content from being\ndisplayed inline, could be used by an attacker to serve malicious content\nto users. (CVE-2010-1197)\n\nA flaw was found in the Firefox Math.random() function. This function could\nbe used to identify a browsing session and track a user across different\nwebsites. (CVE-2008-5913)\n\nA flaw was found in the Firefox XML document loading security checks.\nCertain security checks were not being called when an XML document was\nloaded. This could possibly be leveraged later by an attacker to load\ncertain resources that violate the security policies of the browser or its\nadd-ons. Note that this issue cannot be exploited by only loading an XML\ndocument. (CVE-2010-0182)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 3.6.4. You can find a link to the Mozilla advisories\nin the References section of this erratum.\n\nThis erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as\nsuch, contains multiple bug fixes and numerous enhancements. Space\nprecludes documenting these changes in this advisory. For details\nconcerning these changes, refer to the Firefox Release Notes links in the\nReferences section of this erratum.\n\nImportant: Firefox 3.6.4 is not completely backwards-compatible with all\nMozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.\nFirefox 3.6 checks compatibility on first-launch, and, depending on the\nindividual configuration and the installed Add-ons and plug-ins, may\ndisable said Add-ons and plug-ins, or attempt to check for updates and\nupgrade them. 
Add-ons and plug-ins may have to be manually updated.\n\nAll Firefox users should upgrade to this updated package, which contains\nFirefox version 3.6.4. After installing the update, Firefox must be\nrestarted for the changes to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0500", "url": "https://access.redhat.com/errata/RHSA-2010:0500" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://mozilla.com/en-US/firefox/3.6.4/releasenotes/", "url": "http://mozilla.com/en-US/firefox/3.6.4/releasenotes/" }, { "category": "external", "summary": "http://mozilla.com/en-US/firefox/3.6/releasenotes/", "url": "http://mozilla.com/en-US/firefox/3.6/releasenotes/" }, { "category": "external", "summary": "http://mozilla.org/security/known-vulnerabilities/firefox35.html", "url": "http://mozilla.org/security/known-vulnerabilities/firefox35.html" }, { "category": "external", "summary": "http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4", "url": "http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4" }, { 
"category": "external", "summary": "480938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938" }, { "category": "external", "summary": "577029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029" }, { "category": "external", "summary": "577584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584" }, { "category": "external", "summary": "586580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580" }, { "category": "external", "summary": "590804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "category": "external", "summary": "590810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810" }, { "category": "external", "summary": "590816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816" }, { "category": "external", "summary": "590828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "category": "external", "summary": "590830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830" }, { "category": "external", "summary": "590833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "category": "external", "summary": "590850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0500.json" } ], "title": "Red Hat Security Advisory: firefox security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-22T03:33:38+00:00", "generator": { "date": "2024-11-22T03:33:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0500", "initial_release_date": "2010-06-22T21:57:00+00:00", "revision_history": [ { "date": "2010-06-22T21:57:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-06-22T18:01:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:33:38+00:00", "number": "3", "summary": "Last generated version" } ], 
"status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4", "product": { "name": "Red Hat Enterprise Linux AS version 4", "product_id": "4AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop version 4", "product": { "name": "Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4", "product": { "name": "Red Hat Enterprise Linux ES version 4", "product_id": "4ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4", "product": { "name": "Red Hat Enterprise Linux WS version 4", "product_id": "4WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "product_id": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=ia64" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.ia64", "product": { "name": "firefox-0:3.6.4-8.el4.ia64", "product_id": "firefox-0:3.6.4-8.el4.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "product_id": 
"firefox-debuginfo-0:3.6.4-8.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=x86_64" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.x86_64", "product": { "name": "firefox-0:3.6.4-8.el4.x86_64", "product_id": "firefox-0:3.6.4-8.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.i386", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.i386", "product_id": "firefox-debuginfo-0:3.6.4-8.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=i386" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.i386", "product": { "name": "firefox-0:3.6.4-8.el4.i386", "product_id": "firefox-0:3.6.4-8.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.src", "product": { "name": "firefox-0:3.6.4-8.el4.src", "product_id": "firefox-0:3.6.4-8.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "product_id": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=ppc" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.ppc", "product": { "name": "firefox-0:3.6.4-8.el4.ppc", "product_id": "firefox-0:3.6.4-8.el4.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=ppc" } } } ], 
"category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "product_id": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=s390x" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.s390x", "product": { "name": "firefox-0:3.6.4-8.el4.s390x", "product_id": "firefox-0:3.6.4-8.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "firefox-debuginfo-0:3.6.4-8.el4.s390", "product": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390", "product_id": "firefox-debuginfo-0:3.6.4-8.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox-debuginfo@3.6.4-8.el4?arch=s390" } } }, { "category": "product_version", "name": "firefox-0:3.6.4-8.el4.s390", "product": { "name": "firefox-0:3.6.4-8.el4.s390", "product_id": "firefox-0:3.6.4-8.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/firefox@3.6.4-8.el4?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4AS" }, { "category": 
"default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.src as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.src" }, "product_reference": "firefox-0:3.6.4-8.el4.src", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": 
"4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.ia64" }, 
"product_reference": "firefox-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.src as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.src" }, "product_reference": "firefox-0:3.6.4-8.el4.src", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4Desktop" 
}, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-0:3.6.4-8.el4.i386", 
"relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.src as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.src" }, "product_reference": "firefox-0:3.6.4-8.el4.src", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux ES version 4", 
"product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": 
"4WS:firefox-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.src as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.src" }, "product_reference": "firefox-0:3.6.4-8.el4.src", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": 
"firefox-debuginfo-0:3.6.4-8.el4.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "firefox-debuginfo-0:3.6.4-8.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" }, "product_reference": "firefox-debuginfo-0:3.6.4-8.el4.x86_64", "relates_to_product_reference": "4WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5913", "discovery_date": "2009-01-20T00:00:00+00:00", 
"ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "480938" } ], "notes": [ { "category": "description", "text": "The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a \"temporary footprint\" and an \"in-session phishing attack.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "mozilla: in-session phishing attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", 
"4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5913" }, { "category": "external", "summary": "RHBZ#480938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480938" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5913", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5913" } ], "release_date": "2009-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red 
Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mozilla: in-session phishing attack" }, { "cve": "CVE-2009-5017", "discovery_date": "2010-11-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "656287" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.", "title": "Vulnerability description" }, { "category": "summary", "text": "Firefox: overlong UTF-8 seqence detection problem", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", 
"4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2009-5017" }, { "category": "external", "summary": "RHBZ#656287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=656287" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-5017", "url": "https://www.cve.org/CVERecord?id=CVE-2009-5017" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-5017", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-5017" } ], "release_date": "2009-08-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", 
"4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Firefox: overlong UTF-8 seqence detection problem" }, { "cve": "CVE-2010-0182", "discovery_date": "2010-03-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "586580" } ], "notes": [ { "category": "description", "text": "The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 
2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.", "title": "Vulnerability description" }, { "category": "summary", "text": "mozilla: XMLDocument:: load() doesn\u0027t check nsIContentPolicy (MFSA 2010-24)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", 
"4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0182" }, { "category": "external", "summary": "RHBZ#586580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=586580" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0182", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0182" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0182" } ], "release_date": "2010-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mozilla: XMLDocument:: load() doesn\u0027t check nsIContentPolicy (MFSA 2010-24)" }, { "cve": "CVE-2010-1121", "discovery_date": "2010-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "577029" } ], "notes": [ { "category": "description", "text": "Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: arbitrary code execution via memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1121" }, { "category": "external", "summary": "RHBZ#577029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577029" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1121", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1121" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", 
"4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", 
"4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "firefox: arbitrary code execution via memory corruption" }, { "cve": "CVE-2010-1125", "discovery_date": "2010-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "577584" } ], 
"notes": [ { "category": "description", "text": "The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", 
"4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1125" }, { "category": "external", "summary": "RHBZ#577584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=577584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1125", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1125" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1125", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1125" } ], "release_date": "2010-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw" }, { "cve": "CVE-2010-1196", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590830" } ], "notes": [ { "category": "description", "text": "Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "nsGenericDOMDataNode:: SetTextInternal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ 
"4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1196" }, { "category": "external", "summary": "RHBZ#590830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1196", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1196" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", 
"4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", 
"4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "nsGenericDOMDataNode:: SetTextInternal" }, { "cve": "CVE-2010-1197", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590850" } ], "notes": [ { 
"category": "description", "text": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.", "title": "Vulnerability description" }, { "category": "summary", "text": "Content-Disposition: attachment ignored if Content-Type: multipart also present", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", 
"4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1197" }, { "category": "external", "summary": "RHBZ#590850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1197", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1197" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Content-Disposition: attachment ignored if Content-Type: multipart also present" }, { "cve": "CVE-2010-1198", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590828" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Freed object reuse across plugin instances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", 
"4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2010-1198" }, { "category": "external", "summary": "RHBZ#590828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590828" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1198", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1198" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", 
"4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Freed object reuse across plugin instances" }, { "cve": "CVE-2010-1199", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590833" } ], "notes": [ { "category": "description", "text": "Integer overflow in the XSLT node sorting implementation in 
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Integer Overflow in XSLT Node Sorting", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1199" }, { "category": "external", "summary": "RHBZ#590833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590833" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1199", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1199" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Integer Overflow in XSLT Node Sorting" }, { "cve": "CVE-2010-1200", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590804" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", 
"4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1200" }, { "category": "external", "summary": "RHBZ#590804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1200", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1200" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1200", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1200" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", 
"4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", 
"4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Crashes with evidence of memory corruption" }, { "cve": "CVE-2010-1202", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590810" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the 
JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", 
"4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-1202" }, { "category": "external", "summary": "RHBZ#590810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590810" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1202", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1202" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1202", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1202" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", 
"4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Crashes with evidence of memory corruption" }, { "cve": "CVE-2010-1203", "discovery_date": "2010-05-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "590816" } ], "notes": [ { "category": "description", "text": "The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.", "title": "Vulnerability description" }, { "category": "summary", "text": "Mozilla Crashes with evidence of memory corruption", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", 
"4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2010-1203" }, { "category": "external", "summary": "RHBZ#590816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=590816" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-1203", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1203" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-1203", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1203" } ], "release_date": "2010-06-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-06-22T21:57:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", "4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", 
"4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0500" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS:firefox-0:3.6.4-8.el4.i386", "4AS:firefox-0:3.6.4-8.el4.ia64", "4AS:firefox-0:3.6.4-8.el4.ppc", "4AS:firefox-0:3.6.4-8.el4.s390", "4AS:firefox-0:3.6.4-8.el4.s390x", "4AS:firefox-0:3.6.4-8.el4.src", "4AS:firefox-0:3.6.4-8.el4.x86_64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4AS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4AS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4AS:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-0:3.6.4-8.el4.i386", 
"4Desktop:firefox-0:3.6.4-8.el4.ia64", "4Desktop:firefox-0:3.6.4-8.el4.ppc", "4Desktop:firefox-0:3.6.4-8.el4.s390", "4Desktop:firefox-0:3.6.4-8.el4.s390x", "4Desktop:firefox-0:3.6.4-8.el4.src", "4Desktop:firefox-0:3.6.4-8.el4.x86_64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.i386", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4Desktop:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4ES:firefox-0:3.6.4-8.el4.i386", "4ES:firefox-0:3.6.4-8.el4.ia64", "4ES:firefox-0:3.6.4-8.el4.ppc", "4ES:firefox-0:3.6.4-8.el4.s390", "4ES:firefox-0:3.6.4-8.el4.s390x", "4ES:firefox-0:3.6.4-8.el4.src", "4ES:firefox-0:3.6.4-8.el4.x86_64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.i386", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4ES:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390", "4ES:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4ES:firefox-debuginfo-0:3.6.4-8.el4.x86_64", "4WS:firefox-0:3.6.4-8.el4.i386", "4WS:firefox-0:3.6.4-8.el4.ia64", "4WS:firefox-0:3.6.4-8.el4.ppc", "4WS:firefox-0:3.6.4-8.el4.s390", "4WS:firefox-0:3.6.4-8.el4.s390x", "4WS:firefox-0:3.6.4-8.el4.src", "4WS:firefox-0:3.6.4-8.el4.x86_64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.i386", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ia64", "4WS:firefox-debuginfo-0:3.6.4-8.el4.ppc", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390", "4WS:firefox-debuginfo-0:3.6.4-8.el4.s390x", "4WS:firefox-debuginfo-0:3.6.4-8.el4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Mozilla Crashes with evidence of memory corruption" } ] }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.