Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1924 vulnerabilities found for Firefox ESR by Mozilla
CERTFR-2026-AVI-0480
Vulnerability from certfr_avis - Published: 2026-04-22 - Updated: 2026-04-22
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.10 | ||
| Mozilla | Firefox | Firefox versions antérieures à 150 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.35 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 150 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.10 |
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.10",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 150",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.35",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 150",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.10",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-6772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6772"
},
{
"name": "CVE-2026-6747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6747"
},
{
"name": "CVE-2026-6782",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6782"
},
{
"name": "CVE-2026-6786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6786"
},
{
"name": "CVE-2026-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6750"
},
{
"name": "CVE-2026-6757",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6757"
},
{
"name": "CVE-2026-6768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6768"
},
{
"name": "CVE-2026-6746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6746"
},
{
"name": "CVE-2026-6761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6761"
},
{
"name": "CVE-2026-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6762"
},
{
"name": "CVE-2026-6769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6769"
},
{
"name": "CVE-2026-6751",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6751"
},
{
"name": "CVE-2026-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6780"
},
{
"name": "CVE-2026-6765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6765"
},
{
"name": "CVE-2026-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2781"
},
{
"name": "CVE-2026-6773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6773"
},
{
"name": "CVE-2026-6754",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6754"
},
{
"name": "CVE-2026-6781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6781"
},
{
"name": "CVE-2026-6756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6756"
},
{
"name": "CVE-2026-6758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6758"
},
{
"name": "CVE-2026-6785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6785"
},
{
"name": "CVE-2026-6783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6783"
},
{
"name": "CVE-2026-6760",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6760"
},
{
"name": "CVE-2026-6759",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6759"
},
{
"name": "CVE-2026-6774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6774"
},
{
"name": "CVE-2026-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6779"
},
{
"name": "CVE-2026-6777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6777"
},
{
"name": "CVE-2026-6748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6748"
},
{
"name": "CVE-2026-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6778"
},
{
"name": "CVE-2026-6752",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6752"
},
{
"name": "CVE-2026-6767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6767"
},
{
"name": "CVE-2026-6775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6775"
},
{
"name": "CVE-2026-6749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6749"
},
{
"name": "CVE-2026-6771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6771"
},
{
"name": "CVE-2026-6753",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6753"
},
{
"name": "CVE-2026-6764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6764"
},
{
"name": "CVE-2026-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6763"
},
{
"name": "CVE-2026-6776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6776"
},
{
"name": "CVE-2026-6766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6766"
},
{
"name": "CVE-2026-6770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6770"
},
{
"name": "CVE-2026-6784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6784"
},
{
"name": "CVE-2026-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6755"
}
],
"initial_release_date": "2026-04-22T00:00:00",
"last_revision_date": "2026-04-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0480",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-32",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-34",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-33",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-31",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-30",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/"
}
]
}
CERTFR-2026-AVI-0404
Vulnerability from certfr_avis - Published: 2026-04-08 - Updated: 2026-04-08
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.9.1 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 140.9.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 149.0.2 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 149.0.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.34.1 |
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.9.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 140.9.1",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 149.0.2",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 149.0.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.34.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"name": "CVE-2026-5733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5733"
},
{
"name": "CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"name": "CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"name": "CVE-2026-5735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5735"
}
],
"initial_release_date": "2026-04-08T00:00:00",
"last_revision_date": "2026-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-26",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-28",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-25",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-29",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-27",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/"
}
]
}
CERTFR-2026-AVI-0354
Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 149 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.9 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 149 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.9 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.34 |
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.34",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-4684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4684"
},
{
"name": "CVE-2026-4721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4721"
},
{
"name": "CVE-2026-4725",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4725"
},
{
"name": "CVE-2026-4728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4728"
},
{
"name": "CVE-2026-4720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4720"
},
{
"name": "CVE-2026-4710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4710"
},
{
"name": "CVE-2026-4694",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4694"
},
{
"name": "CVE-2026-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4698"
},
{
"name": "CVE-2026-4690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4690"
},
{
"name": "CVE-2026-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4697"
},
{
"name": "CVE-2026-4689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4689"
},
{
"name": "CVE-2026-4711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4711"
},
{
"name": "CVE-2026-4706",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4706"
},
{
"name": "CVE-2026-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4715"
},
{
"name": "CVE-2026-4729",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4729"
},
{
"name": "CVE-2026-4696",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4696"
},
{
"name": "CVE-2026-4726",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4726"
},
{
"name": "CVE-2026-4687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4687"
},
{
"name": "CVE-2026-4709",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4709"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-4714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4714"
},
{
"name": "CVE-2026-4699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4699"
},
{
"name": "CVE-2026-4695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4695"
},
{
"name": "CVE-2026-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4693"
},
{
"name": "CVE-2026-3889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3889"
},
{
"name": "CVE-2026-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4692"
},
{
"name": "CVE-2026-4701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4701"
},
{
"name": "CVE-2026-4724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4724"
},
{
"name": "CVE-2026-4705",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4705"
},
{
"name": "CVE-2026-4717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4717"
},
{
"name": "CVE-2026-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4700"
},
{
"name": "CVE-2026-4723",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4723"
},
{
"name": "CVE-2026-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4688"
},
{
"name": "CVE-2026-4712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4712"
},
{
"name": "CVE-2026-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4707"
},
{
"name": "CVE-2026-4716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4716"
},
{
"name": "CVE-2026-4704",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4704"
},
{
"name": "CVE-2026-4727",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4727"
},
{
"name": "CVE-2026-4722",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4722"
},
{
"name": "CVE-2026-4713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4713"
},
{
"name": "CVE-2026-4718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4718"
},
{
"name": "CVE-2026-4685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4685"
},
{
"name": "CVE-2026-4702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4702"
},
{
"name": "CVE-2026-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4719"
},
{
"name": "CVE-2026-4708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4708"
},
{
"name": "CVE-2026-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4371"
},
{
"name": "CVE-2026-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4691"
},
{
"name": "CVE-2026-4686",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4686"
}
],
"initial_release_date": "2026-03-25T00:00:00",
"last_revision_date": "2026-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0354",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-20",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-24",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-23",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-22",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/"
}
]
}
VAR-201603-0244
Vulnerability from variot - Updated: 2026-04-10 23:29Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).
CVE-2015-7181 CVE-2015-7182 CVE-2016-1950
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.
CVE-2015-7575
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.
CVE-2016-1938
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.
CVE-2016-1978
Eric Rescorla discovered a user-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.
CVE-2016-1979
Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.
CVE-2016-2834
Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.
In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.
For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.
For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1.
We recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762
Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1783 : Mihai Parparita of Google
WebKit History Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select "Settings -> General -> About". ============================================================================ Ubuntu Security Notice USN-2917-2 April 07, 2016
firefox regressions
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-2917-1 introduced several regressions in Firefox.
Software Description: - firefox: Mozilla Open Source web browser
Details:
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jyl=C3=A4nki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959)
A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961)
Dominique Haza=C3=ABl-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962)
It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963)
Nicolas Gr=C3=A9goire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964)
Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)
A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966)
Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967)
Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968)
Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973)
Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: firefox 45.0.1+build1-0ubuntu0.15.10.2
Ubuntu 14.04 LTS: firefox 45.0.1+build1-0ubuntu0.14.04.2
Ubuntu 12.04 LTS: firefox 45.0.1+build1-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2917-2 http://www.ubuntu.com/usn/usn-2917-1 https://launchpad.net/bugs/1567671
Package Information: https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.15.10.2 https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.12.04.2 . The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/nspr < 4.12 >= 4.12 2 dev-libs/nss < 3.22.2 >= 3.22.2 3 mail-client/thunderbird < 38.7.0 >= 38.7.0 4 mail-client/thunderbird-bin < 38.7.0 >= 38.7.0 5 www-client/firefox < 38.7.0 >= 38.7.0 6 www-client/firefox-bin < 38.7.0 >= 38.7.0 ------------------------------------------------------------------- 6 affected packages
Description
Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
All Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"=
All users of the Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"
All Firefox 38.7.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
All users of the Firefox 38.7.x binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"
References
[ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 2 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 3 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 4 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 5 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 6 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 7 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 8 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 9 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 10 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 11 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 12 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 13 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 14 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 15 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 16 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 17 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 18 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 19 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 20 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 21 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 22 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 23 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 24 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 25 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 26 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 27 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 28 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 29 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 30 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 31 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 32 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 33 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 34 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 35 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 36 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 37 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 38 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 39 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 40 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 41 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 42 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 43 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 44 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 45 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 46 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 47 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 48 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 49 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 50 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 51 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 52 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 53 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 54 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 55 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 56 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 57 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 58 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 59 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 60 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 61 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 62 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 63 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 64 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 65 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 66 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 67 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 68 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 69 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 70 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 71 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 72 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 73 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 74 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 75 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 76 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 77 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 78 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 79 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 80 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 81 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 82 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 83 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 84 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 85 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 86 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 87 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 88 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 89 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 90 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 91 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 92 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 93 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 94 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 95 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 96 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 97 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 98 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 99 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 100 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 101 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 102 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 103 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 104 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 105 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 106 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 107 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 108 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 109 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 110 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 111 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 112 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 113 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 114 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 115 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 116 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 117 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 118 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 119 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 120 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 121 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 122 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 123 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 124 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 125 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 126 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 127 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 128 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 129 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 130 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 131 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 132 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 133 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 134 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 135 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 136 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 137 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 138 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 139 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 140 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 141 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 142 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 143 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 144 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 145 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 146 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 147 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 148 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 149 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 150 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 151 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 152 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 153 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 154 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 155 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 156 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 157 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 158 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 159 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 160 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 161 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 162 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 163 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 164 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 165 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 166 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 167 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 168 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 169 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 170 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 171 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 172 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 173 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 174 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 175 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 176 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 177 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 178 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 179 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 180 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 181 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 182 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 183 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 184 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802 [ 185 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201605-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--Bs4bwglUWSbluQjJQQ051Q7fVoU1XxLw6 . 5 client) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0495-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0495.html Issue date: 2016-03-23 CVE Names: CVE-2016-1950 =====================================================================
- Summary:
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util libraries must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.6):
Source: nss-util-3.19.1-3.el6_6.src.rpm
x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):
x86_64: nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: nss-util-3.13.1-10.el6_2.src.rpm
x86_64: nss-util-3.13.1-10.el6_2.i686.rpm nss-util-3.13.1-10.el6_2.x86_64.rpm nss-util-debuginfo-3.13.1-10.el6_2.i686.rpm nss-util-debuginfo-3.13.1-10.el6_2.x86_64.rpm nss-util-devel-3.13.1-10.el6_2.i686.rpm nss-util-devel-3.13.1-10.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: nss-util-3.14.3-8.el6_4.src.rpm
x86_64: nss-util-3.14.3-8.el6_4.i686.rpm nss-util-3.14.3-8.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-8.el6_4.i686.rpm nss-util-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-util-devel-3.14.3-8.el6_4.i686.rpm nss-util-devel-3.14.3-8.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: nss-util-3.16.1-4.el6_5.src.rpm
x86_64: nss-util-3.16.1-4.el6_5.i686.rpm nss-util-3.16.1-4.el6_5.x86_64.rpm nss-util-debuginfo-3.16.1-4.el6_5.i686.rpm nss-util-debuginfo-3.16.1-4.el6_5.x86_64.rpm nss-util-devel-3.16.1-4.el6_5.i686.rpm nss-util-devel-3.16.1-4.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: nss-util-3.19.1-3.el6_6.src.rpm
i386: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm
ppc64: nss-util-3.19.1-3.el6_6.ppc.rpm nss-util-3.19.1-3.el6_6.ppc64.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc64.rpm nss-util-devel-3.19.1-3.el6_6.ppc.rpm nss-util-devel-3.19.1-3.el6_6.ppc64.rpm
s390x: nss-util-3.19.1-3.el6_6.s390.rpm nss-util-3.19.1-3.el6_6.s390x.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390x.rpm nss-util-devel-3.19.1-3.el6_6.s390.rpm nss-util-devel-3.19.1-3.el6_6.s390x.rpm
x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):
Source: nss-util-3.19.1-5.el7_1.src.rpm
x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):
x86_64: nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: nss-util-3.19.1-5.el7_1.src.rpm
ppc64: nss-util-3.19.1-5.el7_1.ppc.rpm nss-util-3.19.1-5.el7_1.ppc64.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc64.rpm nss-util-devel-3.19.1-5.el7_1.ppc.rpm nss-util-devel-3.19.1-5.el7_1.ppc64.rpm
s390x: nss-util-3.19.1-5.el7_1.s390.rpm nss-util-3.19.1-5.el7_1.s390x.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390x.rpm nss-util-devel-3.19.1-5.el7_1.s390.rpm nss-util-devel-3.19.1-5.el7_1.s390x.rpm
x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: nss-util-3.19.1-5.ael7b_1.src.rpm
ppc64le: nss-util-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-debuginfo-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-devel-3.19.1-5.ael7b_1.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW8mrxXlSAg2UNWIIRApd+AKC89tmaT/sw/qZV56m0D+wS0ksruwCgoZdA LWDm7Ow/XWG3HaU1ic1EWh4= =RGkL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.20.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.20"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.21"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.19.2"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.3.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.5.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.2.0"
},
{
"_id": null,
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.6.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "iplanet web server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.2.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"_id": null,
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "44.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.5"
},
{
"_id": null,
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "vm server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.6.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.5.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.2.1"
},
{
"_id": null,
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.1"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136614"
},
{
"db": "PACKETSTORM",
"id": "136148"
},
{
"db": "PACKETSTORM",
"id": "136146"
}
],
"trust": 0.4
},
"cve": "CVE-2016-1950",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1950",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-90769",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1950",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1950",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"description": {
"_id": null,
"data": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x. \n\nCVE-2015-4000\n\n David Adrian et al. reported that it may be feasible to attack\n Diffie-Hellman-based cipher suites in certain circumstances,\n compromising the confidentiality and integrity of data encrypted\n with Transport Layer Security (TLS). \n\nCVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n\n Tyson Smith, David Keeler, and Francis Gabriel discovered\n heap-based buffer overflows in the ASN.1 DER parser, potentially\n leading to arbitrary code execution. \n\nCVE-2015-7575\n\n Karthikeyan Bhargavan discovered that TLS client implementation\n accepted MD5-based signatures for TLS 1.2 connections with forward\n secrecy, weakening the intended security strength of TLS\n connections. \n\nCVE-2016-1938\n\n Hanno Boeck discovered that NSS miscomputed the result of integer\n division for certain inputs. This could weaken the cryptographic\n protections provided by NSS. However, NSS implements RSA-CRT leak\n hardening, so RSA private keys are not directly disclosed by this\n issue. \n\nCVE-2016-1978\n\n Eric Rescorla discovered a user-after-free vulnerability in the\n implementation of ECDH-based TLS handshakes, with unknown\n consequences. \n\nCVE-2016-1979\n\n Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n processing, with application-specific impact. \n\nCVE-2016-2834\n\n Tyson Smith and Jed Davis discovered unspecified memory-safety\n bugs in NSS. \n\nIn addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart. In certain system configurations, this allowed local users to\nescalate their privileges. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1. \n\nWe recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-3 tvOS 9.2\n\ntvOS 9.2 is now available and addresses the following:\n\nFontParser\nAvailable for: Apple TV (4th generation)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1762\n\nSecurity\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTrueTypeScaler\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit History\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". ============================================================================\nUbuntu Security Notice USN-2917-2\nApril 07, 2016\n\nfirefox regressions\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2917-1 introduced several regressions in Firefox. \n\nSoftware Description:\n- firefox: Mozilla Open Source web browser\n\nDetails:\n\nUSN-2917-1 fixed vulnerabilities in Firefox. This update caused several\nregressions that could result in search engine settings being lost, the\nlist of search providers appearing empty or the location bar breaking\nafter typing an invalid URL. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1950)\n \n Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\n Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\n Tyson Smith, Andrea Marchesini, and Jukka Jyl=C3=A4nki discovered multiple\n memory safety issues in Firefox. If a user were tricked in to opening a\n specially crafted website, an attacker could potentially exploit these to\n cause a denial of service via application crash, or execute arbitrary code\n with the privileges of the user invoking Firefox. (CVE-2016-1952,\n CVE-2016-1953)\n \n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website with addon signing disabled and unpacked addons installed,\n an attacker could potentially exploit this to gain additional privileges. \n (CVE-2016-1954)\n \n Muneaki Nishimura discovered that CSP violation reports contained full\n paths for cross-origin iframe navigations. An attacker could potentially\n exploit this to steal confidential data. (CVE-2016-1955)\n \n Ucha Gobejishvili discovered that performing certain WebGL operations\n resulted in memory resource exhaustion with some Intel GPUs, requiring\n a reboot. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2016-1956)\n \n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n memory exhaustion. (CVE-2016-1957)\n \n Abdulrahman Alqabandi discovered that the addressbar could be blank or\n filled with page defined content in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n \n Looben Yang discovered an out-of-bounds read in Service Worker Manager. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1959)\n \n A use-after-free was discovered in the HTML5 string parser. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1960)\n \n A use-after-free was discovered in the SetBody function of HTMLDocument. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1961)\n \n Dominique Haza=C3=ABl-Massieux discovered a use-after-free when using multiple\n WebRTC data channels. If a user were tricked in to opening a specially\n crafted website, an attacker could potentially exploit this to cause a\n denial of service via application crash, or execute arbitrary code with\n the privileges of the user invoking Firefox. (CVE-2016-1962)\n \n It was discovered that Firefox crashes when local files are modified\n whilst being read by the FileReader API. If a user were tricked in to\n opening a specially crafted website, an attacker could potentially exploit\n this to execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1963)\n \n Nicolas Gr=C3=A9goire discovered a use-after-free during XML transformations. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1964)\n \n Tsubasa Iinuma discovered a mechanism to cause the addressbar to display\n an incorrect URL, using history navigations and the Location protocol\n property. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to conduct URL\n spoofing attacks. (CVE-2016-1965)\n \n A memory corruption issues was discovered in the NPAPI subsystem. If\n a user were tricked in to opening a specially crafted website with a\n malicious plugin installed, an attacker could potentially exploit this\n to cause a denial of service via application crash, or execute arbitrary\n code with the privileges of the user invoking Firefox. (CVE-2016-1966)\n \n Jordi Chancel discovered a same-origin-policy bypass when using\n performance.getEntries and history navigation with session restore. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to steal confidential data. (CVE-2016-1967)\n \n Luke Li discovered a buffer overflow during Brotli decompression in some\n circumstances. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial of\n service via application crash, or execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2016-1968)\n \n Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n application crash, or execute arbitrary code with the privileges of the\n user invoking Firefox. (CVE-2016-1973)\n \n Ronald Crane discovered an out-of-bounds read following a failed\n allocation in the HTML parser in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code with the privileges of the user invoking\n Firefox. (CVE-2016-1974)\n \n Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\n memory safety issues in the Graphite 2 library. If a user were tricked in\n to opening a specially crafted website, an attacker could potentially\n exploit these to cause a denial of service via application crash, or\n execute arbitrary code with the privileges of the user invoking Firefox. \n (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\n CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n firefox 45.0.1+build1-0ubuntu0.15.10.2\n\nUbuntu 14.04 LTS:\n firefox 45.0.1+build1-0ubuntu0.14.04.2\n\nUbuntu 12.04 LTS:\n firefox 45.0.1+build1-0ubuntu0.12.04.2\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2917-2\n http://www.ubuntu.com/usn/usn-2917-1\n https://launchpad.net/bugs/1567671\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.15.10.2\n https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.14.04.2\n https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.12.04.2\n. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as\n\u0027Mozilla Application Suite\u0027. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/nspr \u003c 4.12 \u003e= 4.12\n 2 dev-libs/nss \u003c 3.22.2 \u003e= 3.22.2\n 3 mail-client/thunderbird \u003c 38.7.0 \u003e= 38.7.0\n 4 mail-client/thunderbird-bin\n \u003c 38.7.0 \u003e= 38.7.0\n 5 www-client/firefox \u003c 38.7.0 \u003e= 38.7.0\n 6 www-client/firefox-bin \u003c 38.7.0 \u003e= 38.7.0\n -------------------------------------------------------------------\n 6 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Firefox, NSS, NSPR,\nand Thunderbird. Please review the CVE identifiers referenced below for\ndetails. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nspoof the address bar, conduct clickjacking attacks, bypass security\nrestrictions and protection mechanisms, or have other unspecified\nimpacts. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.22.2\"\n\nAll Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-38.7.0\"=\n\n\nAll users of the Thunderbird binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-38.7.0\"\n\nAll Firefox 38.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-38.7.0\"\n\nAll users of the Firefox 38.7.x binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-38.7.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-2708\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708\n[ 2 ] CVE-2015-2708\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708\n[ 3 ] CVE-2015-2709\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709\n[ 4 ] CVE-2015-2709\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709\n[ 5 ] CVE-2015-2710\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710\n[ 6 ] CVE-2015-2710\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710\n[ 7 ] CVE-2015-2711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711\n[ 8 ] CVE-2015-2711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711\n[ 9 ] CVE-2015-2712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712\n[ 10 ] CVE-2015-2712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712\n[ 11 ] CVE-2015-2713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713\n[ 12 ] CVE-2015-2713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713\n[ 13 ] CVE-2015-2714\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714\n[ 14 ] CVE-2015-2714\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714\n[ 15 ] CVE-2015-2715\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715\n[ 16 ] CVE-2015-2715\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715\n[ 17 ] CVE-2015-2716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716\n[ 18 ] CVE-2015-2716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716\n[ 19 ] CVE-2015-2717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717\n[ 20 ] CVE-2015-2717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717\n[ 21 ] CVE-2015-2718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718\n[ 22 ] CVE-2015-2718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718\n[ 23 ] CVE-2015-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473\n[ 24 ] CVE-2015-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473\n[ 25 ] CVE-2015-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474\n[ 26 ] CVE-2015-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474\n[ 27 ] CVE-2015-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475\n[ 28 ] CVE-2015-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475\n[ 29 ] CVE-2015-4477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477\n[ 30 ] CVE-2015-4477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477\n[ 31 ] CVE-2015-4478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478\n[ 32 ] CVE-2015-4478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478\n[ 33 ] CVE-2015-4479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479\n[ 34 ] CVE-2015-4479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479\n[ 35 ] CVE-2015-4480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480\n[ 36 ] CVE-2015-4480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480\n[ 37 ] CVE-2015-4481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481\n[ 38 ] CVE-2015-4481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481\n[ 39 ] CVE-2015-4482\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482\n[ 40 ] CVE-2015-4482\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482\n[ 41 ] CVE-2015-4483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483\n[ 42 ] CVE-2015-4483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483\n[ 43 ] CVE-2015-4484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484\n[ 44 ] CVE-2015-4484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484\n[ 45 ] CVE-2015-4485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485\n[ 46 ] CVE-2015-4485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485\n[ 47 ] CVE-2015-4486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486\n[ 48 ] CVE-2015-4486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486\n[ 49 ] CVE-2015-4487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487\n[ 50 ] CVE-2015-4487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487\n[ 51 ] CVE-2015-4488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488\n[ 52 ] CVE-2015-4488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488\n[ 53 ] CVE-2015-4489\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489\n[ 54 ] CVE-2015-4489\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489\n[ 55 ] CVE-2015-4490\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490\n[ 56 ] CVE-2015-4490\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490\n[ 57 ] CVE-2015-4491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491\n[ 58 ] CVE-2015-4491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491\n[ 59 ] CVE-2015-4492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492\n[ 60 ] CVE-2015-4492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492\n[ 61 ] CVE-2015-4493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493\n[ 62 ] CVE-2015-4493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493\n[ 63 ] CVE-2015-7181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181\n[ 64 ] CVE-2015-7182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182\n[ 65 ] CVE-2015-7183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183\n[ 66 ] CVE-2016-1523\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523\n[ 67 ] CVE-2016-1523\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523\n[ 68 ] CVE-2016-1930\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930\n[ 69 ] CVE-2016-1930\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930\n[ 70 ] CVE-2016-1931\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931\n[ 71 ] CVE-2016-1931\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931\n[ 72 ] CVE-2016-1933\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933\n[ 73 ] CVE-2016-1933\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933\n[ 74 ] CVE-2016-1935\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935\n[ 75 ] CVE-2016-1935\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935\n[ 76 ] CVE-2016-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937\n[ 77 ] CVE-2016-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937\n[ 78 ] CVE-2016-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938\n[ 79 ] CVE-2016-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938\n[ 80 ] CVE-2016-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939\n[ 81 ] CVE-2016-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939\n[ 82 ] CVE-2016-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940\n[ 83 ] CVE-2016-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940\n[ 84 ] CVE-2016-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941\n[ 85 ] CVE-2016-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941\n[ 86 ] CVE-2016-1942\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942\n[ 87 ] CVE-2016-1942\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942\n[ 88 ] CVE-2016-1943\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943\n[ 89 ] CVE-2016-1943\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943\n[ 90 ] CVE-2016-1944\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944\n[ 91 ] CVE-2016-1944\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944\n[ 92 ] CVE-2016-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945\n[ 93 ] CVE-2016-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945\n[ 94 ] CVE-2016-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946\n[ 95 ] CVE-2016-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946\n[ 96 ] CVE-2016-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947\n[ 97 ] CVE-2016-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947\n[ 98 ] CVE-2016-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948\n[ 99 ] CVE-2016-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948\n[ 100 ] CVE-2016-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949\n[ 101 ] CVE-2016-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949\n[ 102 ] CVE-2016-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950\n[ 103 ] CVE-2016-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950\n[ 104 ] CVE-2016-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952\n[ 105 ] CVE-2016-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952\n[ 106 ] CVE-2016-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953\n[ 107 ] CVE-2016-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953\n[ 108 ] CVE-2016-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954\n[ 109 ] CVE-2016-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954\n[ 110 ] CVE-2016-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955\n[ 111 ] CVE-2016-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955\n[ 112 ] CVE-2016-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956\n[ 113 ] CVE-2016-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956\n[ 114 ] CVE-2016-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957\n[ 115 ] CVE-2016-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957\n[ 116 ] CVE-2016-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958\n[ 117 ] CVE-2016-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958\n[ 118 ] CVE-2016-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959\n[ 119 ] CVE-2016-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959\n[ 120 ] CVE-2016-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960\n[ 121 ] CVE-2016-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960\n[ 122 ] CVE-2016-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961\n[ 123 ] CVE-2016-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961\n[ 124 ] CVE-2016-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962\n[ 125 ] CVE-2016-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962\n[ 126 ] CVE-2016-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963\n[ 127 ] CVE-2016-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963\n[ 128 ] CVE-2016-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964\n[ 129 ] CVE-2016-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964\n[ 130 ] CVE-2016-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965\n[ 131 ] CVE-2016-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965\n[ 132 ] CVE-2016-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966\n[ 133 ] CVE-2016-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966\n[ 134 ] CVE-2016-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967\n[ 135 ] CVE-2016-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967\n[ 136 ] CVE-2016-1968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968\n[ 137 ] CVE-2016-1968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968\n[ 138 ] CVE-2016-1969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969\n[ 139 ] CVE-2016-1969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969\n[ 140 ] CVE-2016-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970\n[ 141 ] CVE-2016-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970\n[ 142 ] CVE-2016-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971\n[ 143 ] CVE-2016-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971\n[ 144 ] CVE-2016-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972\n[ 145 ] CVE-2016-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972\n[ 146 ] CVE-2016-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973\n[ 147 ] CVE-2016-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973\n[ 148 ] CVE-2016-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974\n[ 149 ] CVE-2016-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974\n[ 150 ] CVE-2016-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975\n[ 151 ] CVE-2016-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975\n[ 152 ] CVE-2016-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976\n[ 153 ] CVE-2016-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976\n[ 154 ] CVE-2016-1977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977\n[ 155 ] CVE-2016-1977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977\n[ 156 ] CVE-2016-1978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978\n[ 157 ] CVE-2016-1978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978\n[ 158 ] CVE-2016-1979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979\n[ 159 ] CVE-2016-1979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979\n[ 160 ] CVE-2016-2790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790\n[ 161 ] CVE-2016-2790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790\n[ 162 ] CVE-2016-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791\n[ 163 ] CVE-2016-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791\n[ 164 ] CVE-2016-2792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792\n[ 165 ] CVE-2016-2792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792\n[ 166 ] CVE-2016-2793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793\n[ 167 ] CVE-2016-2793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793\n[ 168 ] CVE-2016-2794\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794\n[ 169 ] CVE-2016-2794\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794\n[ 170 ] CVE-2016-2795\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795\n[ 171 ] CVE-2016-2795\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795\n[ 172 ] CVE-2016-2796\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796\n[ 173 ] CVE-2016-2796\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796\n[ 174 ] CVE-2016-2797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797\n[ 175 ] CVE-2016-2797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797\n[ 176 ] CVE-2016-2798\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798\n[ 177 ] CVE-2016-2798\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798\n[ 178 ] CVE-2016-2799\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799\n[ 179 ] CVE-2016-2799\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799\n[ 180 ] CVE-2016-2800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800\n[ 181 ] CVE-2016-2800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800\n[ 182 ] CVE-2016-2801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801\n[ 183 ] CVE-2016-2801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801\n[ 184 ] CVE-2016-2802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802\n[ 185 ] CVE-2016-2802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201605-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--Bs4bwglUWSbluQjJQQ051Q7fVoU1XxLw6\n. 5 client) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: nss-util security update\nAdvisory ID: RHSA-2016:0495-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0495.html\nIssue date: 2016-03-23\nCVE Names: CVE-2016-1950 \n=====================================================================\n\n1. Summary:\n\nUpdated nss-util packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 and 7.1 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. The nss-util package provides a set of utilities for NSS and\nthe Softoken module. \n\nA heap-based buffer overflow flaw was found in the way NSS parsed certain\nASN.1 structures. (CVE-2016-1950)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. \nUpstream acknowledges Francis Gabriel as the original reporter. \n\nAll nss-util users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the nss and nss-util libraries must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6):\n\nSource:\nnss-util-3.19.1-3.el6_6.src.rpm\n\nx86_64:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-3.19.1-3.el6_6.x86_64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):\n\nx86_64:\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nnss-util-3.13.1-10.el6_2.src.rpm\n\nx86_64:\nnss-util-3.13.1-10.el6_2.i686.rpm\nnss-util-3.13.1-10.el6_2.x86_64.rpm\nnss-util-debuginfo-3.13.1-10.el6_2.i686.rpm\nnss-util-debuginfo-3.13.1-10.el6_2.x86_64.rpm\nnss-util-devel-3.13.1-10.el6_2.i686.rpm\nnss-util-devel-3.13.1-10.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nnss-util-3.14.3-8.el6_4.src.rpm\n\nx86_64:\nnss-util-3.14.3-8.el6_4.i686.rpm\nnss-util-3.14.3-8.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-8.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-8.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-8.el6_4.i686.rpm\nnss-util-devel-3.14.3-8.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nnss-util-3.16.1-4.el6_5.src.rpm\n\nx86_64:\nnss-util-3.16.1-4.el6_5.i686.rpm\nnss-util-3.16.1-4.el6_5.x86_64.rpm\nnss-util-debuginfo-3.16.1-4.el6_5.i686.rpm\nnss-util-debuginfo-3.16.1-4.el6_5.x86_64.rpm\nnss-util-devel-3.16.1-4.el6_5.i686.rpm\nnss-util-devel-3.16.1-4.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nnss-util-3.19.1-3.el6_6.src.rpm\n\ni386:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\n\nppc64:\nnss-util-3.19.1-3.el6_6.ppc.rpm\nnss-util-3.19.1-3.el6_6.ppc64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.ppc.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.ppc64.rpm\nnss-util-devel-3.19.1-3.el6_6.ppc.rpm\nnss-util-devel-3.19.1-3.el6_6.ppc64.rpm\n\ns390x:\nnss-util-3.19.1-3.el6_6.s390.rpm\nnss-util-3.19.1-3.el6_6.s390x.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.s390.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.s390x.rpm\nnss-util-devel-3.19.1-3.el6_6.s390.rpm\nnss-util-devel-3.19.1-3.el6_6.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-3.19.1-3.el6_6.x86_64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.el7_1.src.rpm\n\nx86_64:\nnss-util-3.19.1-5.el7_1.i686.rpm\nnss-util-3.19.1-5.el7_1.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):\n\nx86_64:\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\nnss-util-devel-3.19.1-5.el7_1.i686.rpm\nnss-util-devel-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.el7_1.src.rpm\n\nppc64:\nnss-util-3.19.1-5.el7_1.ppc.rpm\nnss-util-3.19.1-5.el7_1.ppc64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.ppc.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.ppc64.rpm\nnss-util-devel-3.19.1-5.el7_1.ppc.rpm\nnss-util-devel-3.19.1-5.el7_1.ppc64.rpm\n\ns390x:\nnss-util-3.19.1-5.el7_1.s390.rpm\nnss-util-3.19.1-5.el7_1.s390x.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.s390.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.s390x.rpm\nnss-util-devel-3.19.1-5.el7_1.s390.rpm\nnss-util-devel-3.19.1-5.el7_1.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-5.el7_1.i686.rpm\nnss-util-3.19.1-5.el7_1.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\nnss-util-devel-3.19.1-5.el7_1.i686.rpm\nnss-util-devel-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.ael7b_1.src.rpm\n\nppc64le:\nnss-util-3.19.1-5.ael7b_1.ppc64le.rpm\nnss-util-debuginfo-3.19.1-5.ael7b_1.ppc64le.rpm\nnss-util-devel-3.19.1-5.ael7b_1.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW8mrxXlSAg2UNWIIRApd+AKC89tmaT/sw/qZV56m0D+wS0ksruwCgoZdA\nLWDm7Ow/XWG3HaU1ic1EWh4=\n=RGkL\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1950"
},
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136614"
},
{
"db": "PACKETSTORM",
"id": "136148"
},
{
"db": "PACKETSTORM",
"id": "137239"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90769",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-1950",
"trust": 2.6
},
{
"db": "BID",
"id": "84223",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1035215",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136148",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136146",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136826",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136614",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136133",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136394",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136131",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136152",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136723",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137239",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136614"
},
{
"db": "PACKETSTORM",
"id": "136148"
},
{
"db": "PACKETSTORM",
"id": "137239"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"id": "VAR-201603-0244",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:29:40.940000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60496"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/84223"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2917-1"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0495.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2917-2"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2924-1"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2934-1"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.7,
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"trust": 1.7,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes"
},
{
"trust": 1.7,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206166"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206168"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206169"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1035215"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-2917-3"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1957"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2795"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1974"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2794"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1961"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2793"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1954"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1964"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1960"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2792"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2799"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1952"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2801"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1953"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1956"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1967"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1973"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1959"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1950"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2016-36"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1979"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7182"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2802"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1567671"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.12.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.14.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.15.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.14.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.15.10.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.3"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4485"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2802"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4492"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1935"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7182"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1931"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1933"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4483"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1960"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4485"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1940"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2713"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4489"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4481"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2709"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2710"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2714"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1523"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4483"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1959"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1948"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4486"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2800"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4487"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2708"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2713"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4493"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4488"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2717"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2710"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1941"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2709"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2793"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4482"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1953"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2711"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4490"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4482"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2799"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1947"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4484"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2716"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1943"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1965"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4487"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4490"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2794"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2795"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4480"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1952"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4491"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2708"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2797"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2798"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1944"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4481"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2715"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1949"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2717"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0371.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.14.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136344"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136614"
},
{
"db": "PACKETSTORM",
"id": "136148"
},
{
"db": "PACKETSTORM",
"id": "137239"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-90769",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139002",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136344",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136826",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136614",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136148",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137239",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136133",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136394",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "136146",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-1950",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-90769",
"ident": null
},
{
"date": "2016-10-06T20:59:47",
"db": "PACKETSTORM",
"id": "139002",
"ident": null
},
{
"date": "2016-03-22T15:12:44",
"db": "PACKETSTORM",
"id": "136344",
"ident": null
},
{
"date": "2016-04-28T00:01:48",
"db": "PACKETSTORM",
"id": "136826",
"ident": null
},
{
"date": "2016-04-08T22:04:38",
"db": "PACKETSTORM",
"id": "136614",
"ident": null
},
{
"date": "2016-03-10T14:56:40",
"db": "PACKETSTORM",
"id": "136148",
"ident": null
},
{
"date": "2016-05-31T13:33:03",
"db": "PACKETSTORM",
"id": "137239",
"ident": null
},
{
"date": "2016-03-09T15:26:06",
"db": "PACKETSTORM",
"id": "136133",
"ident": null
},
{
"date": "2016-03-23T23:16:10",
"db": "PACKETSTORM",
"id": "136394",
"ident": null
},
{
"date": "2016-03-09T17:08:32",
"db": "PACKETSTORM",
"id": "136146",
"ident": null
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-136",
"ident": null
},
{
"date": "2016-03-13T18:59:00.193000",
"db": "NVD",
"id": "CVE-2016-1950",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90769",
"ident": null
},
{
"date": "2019-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-136",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1950",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "136148"
},
{
"db": "PACKETSTORM",
"id": "137239"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Mozilla Firefox and Firefox ESR Network Security Services Heap-based buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
],
"trust": 0.6
}
}
VAR-201304-0062
Vulnerability from variot - Updated: 2026-04-10 23:21Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Note: This issue was previously discussed in BID 58818 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-30 through -40 Multiple Vulnerabilities), but has been moved to its own record to better document it. The issue is fixed in: Firefox 20.0 Firefox ESR 17.0.5 Thunderbird 17.0.5 Thunderbird ESR 17.0.5 SeaMonkey 2.17. ============================================================================ Ubuntu Security Notice USN-1786-2 April 04, 2013
unity-firefox-extension update
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
This update provides a compatible version of Unity Firefox Extension for Firefox 20.
Software Description: - unity-firefox-extension: Unity Integration for Firefox
Details:
USN-1786-1 fixed vulnerabilities in Firefox. (CVE-2013-0788, CVE-2013-0789)
Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2013-0791)
Tobias Schula discovered an information leak in Firefox when the gfx.color_management.enablev4 preference is enabled. If the user were tricked into opening a specially crafted image, an attacker could potentially exploit this to steal confidential data. By default, the gfx.color_management.enablev4 preference is not enabled in Ubuntu. (CVE-2013-0792)
Mariusz Mlynski discovered that timed history navigations could be used to load arbitrary websites with the wrong URL displayed in the addressbar. (CVE-2013-0793)
It was discovered that the origin indication on tab-modal dialog boxes could be removed, which could allow an attacker's dialog to be displayed over another sites content. An attacker could exploit this to conduct phishing attacks. (CVE-2013-0794)
Cody Crews discovered that the cloneNode method could be used to bypass System Only Wrappers (SOW) to clone a protected node and bypass same-origin policy checks. (CVE-2013-0795)
A crash in WebGL rendering was discovered in Firefox. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-23
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: September 27, 2013 Bugs: #450940, #458390, #460818, #464226, #469868, #474758, #479968, #485258 ID: 201309-23
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. Please review the CVE identifiers referenced below for details. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-17.0.9"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-17.0.9"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-17.0.9"=
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-17.0.9"
All SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.21"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.21"
References
[ 1 ] CVE-2013-0744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744 [ 2 ] CVE-2013-0745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745 [ 3 ] CVE-2013-0746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746 [ 4 ] CVE-2013-0747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747 [ 5 ] CVE-2013-0748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748 [ 6 ] CVE-2013-0749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749 [ 7 ] CVE-2013-0750 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750 [ 8 ] CVE-2013-0751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751 [ 9 ] CVE-2013-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752 [ 10 ] CVE-2013-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753 [ 11 ] CVE-2013-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754 [ 12 ] CVE-2013-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755 [ 13 ] CVE-2013-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756 [ 14 ] CVE-2013-0757 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757 [ 15 ] CVE-2013-0758 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758 [ 16 ] CVE-2013-0759 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759 [ 17 ] CVE-2013-0760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760 [ 18 ] CVE-2013-0761 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761 [ 19 ] CVE-2013-0762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762 [ 20 ] CVE-2013-0763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763 [ 21 ] CVE-2013-0764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764 [ 22 ] CVE-2013-0765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765 [ 23 ] CVE-2013-0766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766 [ 24 ] CVE-2013-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767 [ 25 ] CVE-2013-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768 [ 26 ] CVE-2013-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769 [ 27 ] CVE-2013-0770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770 [ 28 ] CVE-2013-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771 [ 29 ] CVE-2013-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772 [ 30 ] CVE-2013-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773 [ 31 ] CVE-2013-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774 [ 32 ] CVE-2013-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775 [ 33 ] CVE-2013-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776 [ 34 ] CVE-2013-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777 [ 35 ] CVE-2013-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778 [ 36 ] CVE-2013-0779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779 [ 37 ] CVE-2013-0780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780 [ 38 ] CVE-2013-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781 [ 39 ] CVE-2013-0782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782 [ 40 ] CVE-2013-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783 [ 41 ] CVE-2013-0784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784 [ 42 ] CVE-2013-0787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787 [ 43 ] CVE-2013-0788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788 [ 44 ] CVE-2013-0789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789 [ 45 ] CVE-2013-0791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791 [ 46 ] CVE-2013-0792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792 [ 47 ] CVE-2013-0793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793 [ 48 ] CVE-2013-0794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794 [ 49 ] CVE-2013-0795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795 [ 50 ] CVE-2013-0796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796 [ 51 ] CVE-2013-0797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797 [ 52 ] CVE-2013-0799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799 [ 53 ] CVE-2013-0800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800 [ 54 ] CVE-2013-0801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801 [ 55 ] CVE-2013-1670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670 [ 56 ] CVE-2013-1671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671 [ 57 ] CVE-2013-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674 [ 58 ] CVE-2013-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675 [ 59 ] CVE-2013-1676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676 [ 60 ] CVE-2013-1677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677 [ 61 ] CVE-2013-1678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678 [ 62 ] CVE-2013-1679 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679 [ 63 ] CVE-2013-1680 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680 [ 64 ] CVE-2013-1681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681 [ 65 ] CVE-2013-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682 [ 66 ] CVE-2013-1684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684 [ 67 ] CVE-2013-1687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687 [ 68 ] CVE-2013-1690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690 [ 69 ] CVE-2013-1692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692 [ 70 ] CVE-2013-1693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693 [ 71 ] CVE-2013-1694 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694 [ 72 ] CVE-2013-1697 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697 [ 73 ] CVE-2013-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701 [ 74 ] CVE-2013-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702 [ 75 ] CVE-2013-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704 [ 76 ] CVE-2013-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705 [ 77 ] CVE-2013-1707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707 [ 78 ] CVE-2013-1708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708 [ 79 ] CVE-2013-1709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709 [ 80 ] CVE-2013-1710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710 [ 81 ] CVE-2013-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711 [ 82 ] CVE-2013-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712 [ 83 ] CVE-2013-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713 [ 84 ] CVE-2013-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714 [ 85 ] CVE-2013-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717 [ 86 ] CVE-2013-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718 [ 87 ] CVE-2013-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719 [ 88 ] CVE-2013-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720 [ 89 ] CVE-2013-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722 [ 90 ] CVE-2013-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723 [ 91 ] CVE-2013-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724 [ 92 ] CVE-2013-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725 [ 93 ] CVE-2013-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726 [ 94 ] CVE-2013-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728 [ 95 ] CVE-2013-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730 [ 96 ] CVE-2013-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732 [ 97 ] CVE-2013-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735 [ 98 ] CVE-2013-1736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736 [ 99 ] CVE-2013-1737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737 [ 100 ] CVE-2013-1738 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-23.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: firefox security update Advisory ID: RHSA-2013:0696-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0696.html Issue date: 2013-04-02 CVE Names: CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 =====================================================================
- Summary:
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0788)
A flaw was found in the way Same Origin Wrappers were implemented in Firefox. (CVE-2013-0795)
A flaw was found in the embedded WebGL library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Note: This issue only affected systems using the Intel Mesa graphics drivers. (CVE-2013-0796)
An out-of-bounds write flaw was found in the embedded Cairo library in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0800)
A flaw was found in the way Firefox handled the JavaScript history functions. A malicious site could cause a web page to be displayed that has a baseURI pointing to a different site, allowing cross-site scripting (XSS) and phishing attacks. (CVE-2013-0793)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Cody Crews, miaubiz, Abhishek Arya, and Mariusz Mlynski as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.5 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.5 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
946927 - CVE-2013-0788 Mozilla: Miscellaneous memory safety hazards (rv:17.0.5) (MFSA 2013-30) 946929 - CVE-2013-0800 Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31) 946931 - CVE-2013-0796 Mozilla: WebGL crash with Mesa graphics driver on Linux (MFSA 2013-35) 946932 - CVE-2013-0795 Mozilla: Bypass of SOW protections allows cloning of protected nodes (MFSA 2013-36) 946935 - CVE-2013-0793 Mozilla: Cross-site scripting (XSS) using timed history navigations (MFSA 2013-38)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm
i386: firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm
x86_64: firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.x86_64.rpm firefox-17.0.5-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.x86_64.rpm xulrunner-17.0.5-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm
i386: xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm
x86_64: xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.x86_64.rpm xulrunner-devel-17.0.5-1.el5_9.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm
i386: firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm
ia64: firefox-17.0.5-1.el5_9.ia64.rpm firefox-17.0.5-1.el5_9.ia64.rpm firefox-debuginfo-17.0.5-1.el5_9.ia64.rpm firefox-debuginfo-17.0.5-1.el5_9.ia64.rpm xulrunner-17.0.5-1.el5_9.ia64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ia64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ia64.rpm xulrunner-devel-17.0.5-1.el5_9.ia64.rpm xulrunner-devel-17.0.5-1.el5_9.ia64.rpm
ppc: firefox-17.0.5-1.el5_9.ppc.rpm firefox-17.0.5-1.el5_9.ppc.rpm firefox-debuginfo-17.0.5-1.el5_9.ppc.rpm firefox-debuginfo-17.0.5-1.el5_9.ppc.rpm xulrunner-17.0.5-1.el5_9.ppc.rpm xulrunner-17.0.5-1.el5_9.ppc64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ppc.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ppc.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ppc64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.ppc64.rpm xulrunner-devel-17.0.5-1.el5_9.ppc.rpm xulrunner-devel-17.0.5-1.el5_9.ppc64.rpm
s390x: firefox-17.0.5-1.el5_9.s390.rpm firefox-17.0.5-1.el5_9.s390.rpm firefox-17.0.5-1.el5_9.s390x.rpm firefox-17.0.5-1.el5_9.s390x.rpm firefox-debuginfo-17.0.5-1.el5_9.s390.rpm firefox-debuginfo-17.0.5-1.el5_9.s390.rpm firefox-debuginfo-17.0.5-1.el5_9.s390x.rpm firefox-debuginfo-17.0.5-1.el5_9.s390x.rpm xulrunner-17.0.5-1.el5_9.s390.rpm xulrunner-17.0.5-1.el5_9.s390x.rpm xulrunner-debuginfo-17.0.5-1.el5_9.s390.rpm xulrunner-debuginfo-17.0.5-1.el5_9.s390.rpm xulrunner-debuginfo-17.0.5-1.el5_9.s390x.rpm xulrunner-debuginfo-17.0.5-1.el5_9.s390x.rpm xulrunner-devel-17.0.5-1.el5_9.s390.rpm xulrunner-devel-17.0.5-1.el5_9.s390x.rpm
x86_64: firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.i386.rpm firefox-17.0.5-1.el5_9.x86_64.rpm firefox-17.0.5-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.i386.rpm firefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm firefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-17.0.5-1.el5_9.i386.rpm xulrunner-17.0.5-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.i386.rpm xulrunner-devel-17.0.5-1.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm
x86_64: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm
x86_64: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
x86_64: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm
ppc64: firefox-17.0.5-1.el6_4.ppc.rpm firefox-17.0.5-1.el6_4.ppc.rpm firefox-17.0.5-1.el6_4.ppc64.rpm firefox-17.0.5-1.el6_4.ppc64.rpm firefox-debuginfo-17.0.5-1.el6_4.ppc.rpm firefox-debuginfo-17.0.5-1.el6_4.ppc.rpm firefox-debuginfo-17.0.5-1.el6_4.ppc64.rpm firefox-debuginfo-17.0.5-1.el6_4.ppc64.rpm xulrunner-17.0.5-1.el6_4.ppc.rpm xulrunner-17.0.5-1.el6_4.ppc.rpm xulrunner-17.0.5-1.el6_4.ppc64.rpm xulrunner-17.0.5-1.el6_4.ppc64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm
s390x: firefox-17.0.5-1.el6_4.s390.rpm firefox-17.0.5-1.el6_4.s390.rpm firefox-17.0.5-1.el6_4.s390x.rpm firefox-17.0.5-1.el6_4.s390x.rpm firefox-debuginfo-17.0.5-1.el6_4.s390.rpm firefox-debuginfo-17.0.5-1.el6_4.s390.rpm firefox-debuginfo-17.0.5-1.el6_4.s390x.rpm firefox-debuginfo-17.0.5-1.el6_4.s390x.rpm xulrunner-17.0.5-1.el6_4.s390.rpm xulrunner-17.0.5-1.el6_4.s390.rpm xulrunner-17.0.5-1.el6_4.s390x.rpm xulrunner-17.0.5-1.el6_4.s390x.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm
x86_64: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm
ppc64: xulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm xulrunner-devel-17.0.5-1.el6_4.ppc.rpm xulrunner-devel-17.0.5-1.el6_4.ppc.rpm xulrunner-devel-17.0.5-1.el6_4.ppc64.rpm xulrunner-devel-17.0.5-1.el6_4.ppc64.rpm
s390x: xulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm xulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm xulrunner-devel-17.0.5-1.el6_4.s390.rpm xulrunner-devel-17.0.5-1.el6_4.s390.rpm xulrunner-devel-17.0.5-1.el6_4.s390x.rpm xulrunner-devel-17.0.5-1.el6_4.s390x.rpm
x86_64: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm
x86_64: firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.i686.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.i686.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm firefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.i686.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm
i386: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm
x86_64: xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.i686.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm xulrunner-devel-17.0.5-1.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-0788.html https://www.redhat.com/security/data/cve/CVE-2013-0793.html https://www.redhat.com/security/data/cve/CVE-2013-0795.html https://www.redhat.com/security/data/cve/CVE-2013-0796.html https://www.redhat.com/security/data/cve/CVE-2013-0800.html https://access.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRWzt5XlSAg2UNWIIRAobXAJ9/uirvEeOiGpegRbi/Fdtv9BRXUACeMYpK taMjOQZpo7Ea1JPyhBWhy7M= =2sCd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Note: All issues except CVE-2013-0800 cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory.
Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code (CVE-2013-0795).
Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. The resulting crash could be potentially exploitable (CVE-2013-0796). When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances (CVE-2013-0800).
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2013-0788).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788 http://www.mozilla.org/security/announce/2013/mfsa2013-39.html http://www.mozilla.org/security/announce/2013/mfsa2013-38.html http://www.mozilla.org/security/announce/2013/mfsa2013-36.html http://www.mozilla.org/security/announce/2013/mfsa2013-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-31.html http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
Updated Packages:
Mandriva Enterprise Server 5: 0db2c1631a956f6147230a099f1d2d68 mes5/i586/firefox-17.0.5-0.1mdvmes5.2.i586.rpm b6accdf420ac5eb3dbea29d283fff049 mes5/i586/firefox-af-17.0.5-0.1mdvmes5.2.i586.rpm a434d7ee9d360c2b555873e8c93aac2a mes5/i586/firefox-ar-17.0.5-0.1mdvmes5.2.i586.rpm 3b64b73c7cb465fee179b140656a065d mes5/i586/firefox-be-17.0.5-0.1mdvmes5.2.i586.rpm 967b03abad307a338d0709df85e1ec1e mes5/i586/firefox-bg-17.0.5-0.1mdvmes5.2.i586.rpm 715fef97490152afcea942e32d9f8fae mes5/i586/firefox-bn-17.0.5-0.1mdvmes5.2.i586.rpm 46bac62630e189f9d6f7f2d90a5e1c4e mes5/i586/firefox-ca-17.0.5-0.1mdvmes5.2.i586.rpm 64143512420338cc54a073be91ccbf9d mes5/i586/firefox-cs-17.0.5-0.1mdvmes5.2.i586.rpm ba627030e474fb62caf34b2280e2432f mes5/i586/firefox-cy-17.0.5-0.1mdvmes5.2.i586.rpm d2ba69795c243c8aad3e56f1ba3190b4 mes5/i586/firefox-da-17.0.5-0.1mdvmes5.2.i586.rpm 81473710741c44e227e930f512a890d7 mes5/i586/firefox-de-17.0.5-0.1mdvmes5.2.i586.rpm 7d787c3a0eabf7b514083f267037cbdd mes5/i586/firefox-devel-17.0.5-0.1mdvmes5.2.i586.rpm f279d611e9a8233cec0090439e0bbc30 mes5/i586/firefox-el-17.0.5-0.1mdvmes5.2.i586.rpm 5ad88edccb4a8cb75d58464ed2201e2a mes5/i586/firefox-en_GB-17.0.5-0.1mdvmes5.2.i586.rpm 7c2bdafe6cf1219d33df634b40ca7f33 mes5/i586/firefox-eo-17.0.5-0.1mdvmes5.2.i586.rpm 6e8e3cc43e1b5326d886780d5409ff57 mes5/i586/firefox-es_AR-17.0.5-0.1mdvmes5.2.i586.rpm 8608ba9849ea4f56ac60475ccfc3acd7 mes5/i586/firefox-es_ES-17.0.5-0.1mdvmes5.2.i586.rpm b6de17fad95679a08dfc420f51d5e0fa mes5/i586/firefox-et-17.0.5-0.1mdvmes5.2.i586.rpm 7d5281fe391c7bcbc4f49369e00ce6f0 mes5/i586/firefox-eu-17.0.5-0.1mdvmes5.2.i586.rpm dfacd04856fb4529fb0ebdabbad374f9 mes5/i586/firefox-fi-17.0.5-0.1mdvmes5.2.i586.rpm b98f1800a67f8fec9dcbca77edd41ac4 mes5/i586/firefox-fr-17.0.5-0.1mdvmes5.2.i586.rpm eed03047da1e7642f207cb8821dbd95f mes5/i586/firefox-fy-17.0.5-0.1mdvmes5.2.i586.rpm 3f110cc8c73665a709b97bf554b835cc mes5/i586/firefox-ga_IE-17.0.5-0.1mdvmes5.2.i586.rpm 0ad55037b7527a452626a84dade35f56 mes5/i586/firefox-gl-17.0.5-0.1mdvmes5.2.i586.rpm e0272d903a0f8b1c938dded3626ac89a mes5/i586/firefox-gu_IN-17.0.5-0.1mdvmes5.2.i586.rpm 6bdc9c6edcc036122d131b6bf5a341ec mes5/i586/firefox-he-17.0.5-0.1mdvmes5.2.i586.rpm 8fd0ad163782a228e9176f1618dbae2f mes5/i586/firefox-hi-17.0.5-0.1mdvmes5.2.i586.rpm cef589c92b95defd03297a43a4a65e65 mes5/i586/firefox-hu-17.0.5-0.1mdvmes5.2.i586.rpm 6a4e24d1c59f774cab7ea341dedde5e5 mes5/i586/firefox-id-17.0.5-0.1mdvmes5.2.i586.rpm 617d63908bfa91b171a5e40acdfbb058 mes5/i586/firefox-is-17.0.5-0.1mdvmes5.2.i586.rpm 89d72f5231e362ffbcb74c5ebd9d2789 mes5/i586/firefox-it-17.0.5-0.1mdvmes5.2.i586.rpm 46e283185529cf7e3b55208e928d3e21 mes5/i586/firefox-ja-17.0.5-0.1mdvmes5.2.i586.rpm 9cb48d986cb94e843740461ccdc7e344 mes5/i586/firefox-kn-17.0.5-0.1mdvmes5.2.i586.rpm b4a30b6ae86cf07f9e15a5921ccf367c mes5/i586/firefox-ko-17.0.5-0.1mdvmes5.2.i586.rpm 447af559ce4a0a7cd0ff00ad81466966 mes5/i586/firefox-ku-17.0.5-0.1mdvmes5.2.i586.rpm f16fa703cc4611f42ef618a2709467ce mes5/i586/firefox-lt-17.0.5-0.1mdvmes5.2.i586.rpm f2f05879c892085be5d0fa4e9c787ae7 mes5/i586/firefox-lv-17.0.5-0.1mdvmes5.2.i586.rpm f166cef7eeae485e939a9964df355ffe mes5/i586/firefox-mk-17.0.5-0.1mdvmes5.2.i586.rpm a2d9533d98cd613ff49ace2dd3c4aaaf mes5/i586/firefox-mr-17.0.5-0.1mdvmes5.2.i586.rpm 04e604773ab19ad5060c53d906c7d222 mes5/i586/firefox-nb_NO-17.0.5-0.1mdvmes5.2.i586.rpm ea691e1ecd5cfac906a077614841100f mes5/i586/firefox-nl-17.0.5-0.1mdvmes5.2.i586.rpm 0b7dac86ef507b78504a6f507d2b82b6 mes5/i586/firefox-nn_NO-17.0.5-0.1mdvmes5.2.i586.rpm b5a1616579bd3804eb500a75aa9b040e mes5/i586/firefox-pa_IN-17.0.5-0.1mdvmes5.2.i586.rpm abca5b749f468af02e0d94e2c8b00ac1 mes5/i586/firefox-pl-17.0.5-0.1mdvmes5.2.i586.rpm 2585fe186ebb3b81ae4e3b4c4ed73442 mes5/i586/firefox-pt_BR-17.0.5-0.1mdvmes5.2.i586.rpm 416bbd1fc256861429b3fd78f7d83ef1 mes5/i586/firefox-pt_PT-17.0.5-0.1mdvmes5.2.i586.rpm 3d66426c2548c0ba2746c4c36a9db708 mes5/i586/firefox-ro-17.0.5-0.1mdvmes5.2.i586.rpm ae4fc0951b14c00d6656540e7d38e22e mes5/i586/firefox-ru-17.0.5-0.1mdvmes5.2.i586.rpm d323216cc380f286ff0c990062cdbd43 mes5/i586/firefox-si-17.0.5-0.1mdvmes5.2.i586.rpm a0edc229b50354a66d6c6152fc082395 mes5/i586/firefox-sk-17.0.5-0.1mdvmes5.2.i586.rpm 7d5edda5ddd9064dec3b85ecc7102f19 mes5/i586/firefox-sl-17.0.5-0.1mdvmes5.2.i586.rpm 277d4c09d495b4b8bb0c7e715761f267 mes5/i586/firefox-sq-17.0.5-0.1mdvmes5.2.i586.rpm 3d601400d0df895c73a5ebb064f4f016 mes5/i586/firefox-sr-17.0.5-0.1mdvmes5.2.i586.rpm f5f9e7bbe47f6fba7042f2bf5a61d28e mes5/i586/firefox-sv_SE-17.0.5-0.1mdvmes5.2.i586.rpm ec8dc022734c08dab5183405efa6d0c1 mes5/i586/firefox-te-17.0.5-0.1mdvmes5.2.i586.rpm 242b490062337f7f4f4b8169fb8c91d5 mes5/i586/firefox-th-17.0.5-0.1mdvmes5.2.i586.rpm 3f2fe42cd27e1c751513a561df7fb5a7 mes5/i586/firefox-tr-17.0.5-0.1mdvmes5.2.i586.rpm e5a6d7e6b9981687ca062526a14c7056 mes5/i586/firefox-uk-17.0.5-0.1mdvmes5.2.i586.rpm 8ad451f2a167af24160826bb6d054593 mes5/i586/firefox-zh_CN-17.0.5-0.1mdvmes5.2.i586.rpm 3d1c7ee791874a416ed2bf5847fa6ad7 mes5/i586/firefox-zh_TW-17.0.5-0.1mdvmes5.2.i586.rpm 0c338be36acdbe8c79655cfeac88627a mes5/i586/icedtea-web-1.3.1-0.3mdvmes5.2.i586.rpm 807123e3063f730d05282bf43f3dda6a mes5/i586/icedtea-web-javadoc-1.3.1-0.3mdvmes5.2.i586.rpm 7380860d463c5b198f74b592e51031f1 mes5/i586/libnspr4-4.9.6-0.1mdvmes5.2.i586.rpm 58137e16b3eb8e9655ceef99f4ec1fc7 mes5/i586/libnspr-devel-4.9.6-0.1mdvmes5.2.i586.rpm 6cb4ca4131bce6f48ff8d347ded8236d mes5/i586/libxulrunner17.0.5-17.0.5-0.1mdvmes5.2.i586.rpm 5c7ea7a5a52630606b7e71d61ac5c738 mes5/i586/libxulrunner-devel-17.0.5-0.1mdvmes5.2.i586.rpm 41f2f6022487aabc48b573620111b6b8 mes5/i586/xulrunner-17.0.5-0.1mdvmes5.2.i586.rpm 2a3a774ee0094a48cf108ed120ba227a mes5/SRPMS/firefox-17.0.5-0.1mdvmes5.2.src.rpm 58a810253d11b6af76cf1bcce6a3e7b4 mes5/SRPMS/firefox-l10n-17.0.5-0.1mdvmes5.2.src.rpm 5add3a80120b73f5ed97c9dd02837c58 mes5/SRPMS/icedtea-web-1.3.1-0.3mdvmes5.2.src.rpm 6d70b7e57cc741f0b587a1effee81fb4 mes5/SRPMS/nspr-4.9.6-0.1mdvmes5.2.src.rpm d7f835773038004ff8995ef676f8397e mes5/SRPMS/xulrunner-17.0.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 352b4b9c3ec49226611acfff2586132d mes5/x86_64/firefox-17.0.5-0.1mdvmes5.2.x86_64.rpm 29388b8d4da203e932710f8b98630932 mes5/x86_64/firefox-af-17.0.5-0.1mdvmes5.2.x86_64.rpm 35c9f59f4ce87eb7c64b89e60220ebb3 mes5/x86_64/firefox-ar-17.0.5-0.1mdvmes5.2.x86_64.rpm 204c1013d7e6d3925a73ff3c62ce6c14 mes5/x86_64/firefox-be-17.0.5-0.1mdvmes5.2.x86_64.rpm 43fdfdbedaf5a13fe6396775731a1835 mes5/x86_64/firefox-bg-17.0.5-0.1mdvmes5.2.x86_64.rpm d800fa786bef5538692c6b8fffb2f1b3 mes5/x86_64/firefox-bn-17.0.5-0.1mdvmes5.2.x86_64.rpm 74cb34c33f9d0f070338dd49332bbdd1 mes5/x86_64/firefox-ca-17.0.5-0.1mdvmes5.2.x86_64.rpm fca54be2cf51319542bca20cedf9dff6 mes5/x86_64/firefox-cs-17.0.5-0.1mdvmes5.2.x86_64.rpm 10b6de867fa24ab60c419fd9b314723c mes5/x86_64/firefox-cy-17.0.5-0.1mdvmes5.2.x86_64.rpm eb67b095d7490b5bc24c85bc8652fed9 mes5/x86_64/firefox-da-17.0.5-0.1mdvmes5.2.x86_64.rpm 7761e055af6b87172b2a05f9dc671d99 mes5/x86_64/firefox-de-17.0.5-0.1mdvmes5.2.x86_64.rpm b4ede22d5b768e082d47d2702fb71221 mes5/x86_64/firefox-devel-17.0.5-0.1mdvmes5.2.x86_64.rpm a359d0468b6217c59eb88771f2e799b2 mes5/x86_64/firefox-el-17.0.5-0.1mdvmes5.2.x86_64.rpm 4e58ae7627f5d6d0ba4d7c215c252611 mes5/x86_64/firefox-en_GB-17.0.5-0.1mdvmes5.2.x86_64.rpm 777062d66c8b57c59dc72c60bcade5aa mes5/x86_64/firefox-eo-17.0.5-0.1mdvmes5.2.x86_64.rpm c2b069c9c0105d85c5946f542204a7c7 mes5/x86_64/firefox-es_AR-17.0.5-0.1mdvmes5.2.x86_64.rpm 2a39a098a5b39dee19347f18c033f8c5 mes5/x86_64/firefox-es_ES-17.0.5-0.1mdvmes5.2.x86_64.rpm 412516e1b5a4b4b8b3a7eaf8d2b7806e mes5/x86_64/firefox-et-17.0.5-0.1mdvmes5.2.x86_64.rpm 5225e8ac59ee14a9fe5653e8afaa96b4 mes5/x86_64/firefox-eu-17.0.5-0.1mdvmes5.2.x86_64.rpm e91755da5dc3a6481ef5fd87b66dc2b3 mes5/x86_64/firefox-fi-17.0.5-0.1mdvmes5.2.x86_64.rpm 6c3c9ffddeb301345539516a2128870b mes5/x86_64/firefox-fr-17.0.5-0.1mdvmes5.2.x86_64.rpm f90bff71593d02e29a6801fb30196522 mes5/x86_64/firefox-fy-17.0.5-0.1mdvmes5.2.x86_64.rpm e36128274f24c1e3a905c6834dbd3431 mes5/x86_64/firefox-ga_IE-17.0.5-0.1mdvmes5.2.x86_64.rpm c1d8d7d3060a4a63ecf56e516d704322 mes5/x86_64/firefox-gl-17.0.5-0.1mdvmes5.2.x86_64.rpm fce3e57a97a18461e6784f27c9b5f982 mes5/x86_64/firefox-gu_IN-17.0.5-0.1mdvmes5.2.x86_64.rpm d567bdbe94970ce762fbbec34566271e mes5/x86_64/firefox-he-17.0.5-0.1mdvmes5.2.x86_64.rpm 68a74e20c4ee64127e275d443052a0aa mes5/x86_64/firefox-hi-17.0.5-0.1mdvmes5.2.x86_64.rpm 65eeb5076b7e049d2212f88e8e3a5d2b mes5/x86_64/firefox-hu-17.0.5-0.1mdvmes5.2.x86_64.rpm 7906c9372d2db0981a0f1fc5d068781f mes5/x86_64/firefox-id-17.0.5-0.1mdvmes5.2.x86_64.rpm 39174043fdecada0715aae758b111931 mes5/x86_64/firefox-is-17.0.5-0.1mdvmes5.2.x86_64.rpm 391b93959169588a74801efb2baeb048 mes5/x86_64/firefox-it-17.0.5-0.1mdvmes5.2.x86_64.rpm de1e0b1e3b0e2c1b91b3b9d8250b042d mes5/x86_64/firefox-ja-17.0.5-0.1mdvmes5.2.x86_64.rpm c465364f97f2c2cb891ff5866f7b2048 mes5/x86_64/firefox-kn-17.0.5-0.1mdvmes5.2.x86_64.rpm dd25c3ffde3ac083a3bd439855ab9e66 mes5/x86_64/firefox-ko-17.0.5-0.1mdvmes5.2.x86_64.rpm 0af917c3141a800843563b56e634e4b9 mes5/x86_64/firefox-ku-17.0.5-0.1mdvmes5.2.x86_64.rpm d17896516e04d7b2483c449c07018c1a mes5/x86_64/firefox-lt-17.0.5-0.1mdvmes5.2.x86_64.rpm e7925f0f39dd9cc0be8e390ff5b2511a mes5/x86_64/firefox-lv-17.0.5-0.1mdvmes5.2.x86_64.rpm aa7dada147bc0ee6e14de44582148245 mes5/x86_64/firefox-mk-17.0.5-0.1mdvmes5.2.x86_64.rpm 12eeadd008b58a4c51c396a3296c6876 mes5/x86_64/firefox-mr-17.0.5-0.1mdvmes5.2.x86_64.rpm 6043540a8e8edd39b06c8dbde4bbac6a mes5/x86_64/firefox-nb_NO-17.0.5-0.1mdvmes5.2.x86_64.rpm 0967142165225c2d0cde356bdf91af38 mes5/x86_64/firefox-nl-17.0.5-0.1mdvmes5.2.x86_64.rpm fe4d07e0a85ee4cf0a3ed65c4a24e561 mes5/x86_64/firefox-nn_NO-17.0.5-0.1mdvmes5.2.x86_64.rpm 18c355a3a4ecbed10dd933a2c0cee658 mes5/x86_64/firefox-pa_IN-17.0.5-0.1mdvmes5.2.x86_64.rpm fdb47ab94213fde94caca5c0e956ad0a mes5/x86_64/firefox-pl-17.0.5-0.1mdvmes5.2.x86_64.rpm 26659783f49eb63504f8240af15c46ef mes5/x86_64/firefox-pt_BR-17.0.5-0.1mdvmes5.2.x86_64.rpm 003887926df53eea9cd2c728ce2f2613 mes5/x86_64/firefox-pt_PT-17.0.5-0.1mdvmes5.2.x86_64.rpm f26a734cc64f5630d5763501789af036 mes5/x86_64/firefox-ro-17.0.5-0.1mdvmes5.2.x86_64.rpm 2055c8a4b5ab208de8bb7fc03df6f6ad mes5/x86_64/firefox-ru-17.0.5-0.1mdvmes5.2.x86_64.rpm eb5a279167efdded2ec946f1174885da mes5/x86_64/firefox-si-17.0.5-0.1mdvmes5.2.x86_64.rpm 0884722ce24c5dc947a1693b72ab87a8 mes5/x86_64/firefox-sk-17.0.5-0.1mdvmes5.2.x86_64.rpm 9ec578bd6111680976755026eee9736f mes5/x86_64/firefox-sl-17.0.5-0.1mdvmes5.2.x86_64.rpm d3ed346a9201d1c43ec0addd91404407 mes5/x86_64/firefox-sq-17.0.5-0.1mdvmes5.2.x86_64.rpm 7a3c688c303f03f13d370e078ef527d8 mes5/x86_64/firefox-sr-17.0.5-0.1mdvmes5.2.x86_64.rpm 679acfed547f9ed80a7515a4ac955990 mes5/x86_64/firefox-sv_SE-17.0.5-0.1mdvmes5.2.x86_64.rpm 94bf66782b9ffd747482d41526527b5f mes5/x86_64/firefox-te-17.0.5-0.1mdvmes5.2.x86_64.rpm 9b37e1edaa79527f9bb7159e39be108c mes5/x86_64/firefox-th-17.0.5-0.1mdvmes5.2.x86_64.rpm 2a6557c6d334dc4020f3cd2ba2235a0d mes5/x86_64/firefox-tr-17.0.5-0.1mdvmes5.2.x86_64.rpm c95479524cf439150d838ecd163e7040 mes5/x86_64/firefox-uk-17.0.5-0.1mdvmes5.2.x86_64.rpm aa31ef1321eff4e86d98acfac020fb25 mes5/x86_64/firefox-zh_CN-17.0.5-0.1mdvmes5.2.x86_64.rpm d539dfb331ec70a69828f7665686d9b0 mes5/x86_64/firefox-zh_TW-17.0.5-0.1mdvmes5.2.x86_64.rpm 2028cbbf55353a75366c9cb191efd67c mes5/x86_64/icedtea-web-1.3.1-0.3mdvmes5.2.x86_64.rpm 734ae27edc8c1026bca9947d70fd3fb7 mes5/x86_64/icedtea-web-javadoc-1.3.1-0.3mdvmes5.2.x86_64.rpm be78699f862f4a1d199248510e20ce1b mes5/x86_64/lib64nspr4-4.9.6-0.1mdvmes5.2.x86_64.rpm f62ab4de8ca959c4ff3990c92ea2427b mes5/x86_64/lib64nspr-devel-4.9.6-0.1mdvmes5.2.x86_64.rpm e94bbf818cfa59f67f7e5e75daf2726d mes5/x86_64/lib64xulrunner17.0.5-17.0.5-0.1mdvmes5.2.x86_64.rpm aecb7c59434a3330e7cb64bb6e7d902c mes5/x86_64/lib64xulrunner-devel-17.0.5-0.1mdvmes5.2.x86_64.rpm 531f21b03dbffa6024943663c1ba9e64 mes5/x86_64/xulrunner-17.0.5-0.1mdvmes5.2.x86_64.rpm 2a3a774ee0094a48cf108ed120ba227a mes5/SRPMS/firefox-17.0.5-0.1mdvmes5.2.src.rpm 58a810253d11b6af76cf1bcce6a3e7b4 mes5/SRPMS/firefox-l10n-17.0.5-0.1mdvmes5.2.src.rpm 5add3a80120b73f5ed97c9dd02837c58 mes5/SRPMS/icedtea-web-1.3.1-0.3mdvmes5.2.src.rpm 6d70b7e57cc741f0b587a1effee81fb4 mes5/SRPMS/nspr-4.9.6-0.1mdvmes5.2.src.rpm d7f835773038004ff8995ef676f8397e mes5/SRPMS/xulrunner-17.0.5-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZBk1mqjQ0CJFipgRAplSAJ44faYKLDitsBC24gBnRhdQycVEmgCgq1FV wMd/SGhxwMMZZ8YXJEH7z9g= =83zI -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.12"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.9,
"vendor": "mozilla",
"version": "2.13.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.7.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.15"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "19.0"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.14"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.9"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.13.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.7.2"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.16"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.16.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.3,
"vendor": "mozilla",
"version": "2.7"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.6.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "17.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "19.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "19.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.4.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.3.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.3.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.16.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.3.3"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.15.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.9.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.12.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.17"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "2.10.1"
},
{
"_id": null,
"model": "firefox",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "20.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "2.17"
},
{
"_id": null,
"model": "thunderbird",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.21-21"
},
{
"_id": null,
"model": "firefox esr",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"_id": null,
"model": "browser avant browser build",
"scope": "ne",
"trust": 0.3,
"vendor": "avant",
"version": "2013107"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.16"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.01"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.18"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.19"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.1"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.9"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.5"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.6"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.7"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.17"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.17"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.13"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.13"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.12"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.0.13"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.15"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.24"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.19"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"_id": null,
"model": "browser avant browser build",
"scope": "eq",
"trust": 0.3,
"vendor": "avant",
"version": "201312"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.18"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.23"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.3"
},
{
"_id": null,
"model": "browser avant browser build",
"scope": "eq",
"trust": 0.3,
"vendor": "avant",
"version": "201321"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.1.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.26"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.27"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.13"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.2"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.12"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.14"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "20.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.15"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.15"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.18"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.2"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.20"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.25"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"_id": null,
"model": "linux enterprise server for vmware sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"_id": null,
"model": "linux enterprise server sp1 for vmware lt",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.22"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.5"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.15"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6.1"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"_id": null,
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"_id": null,
"model": "productions pale moon",
"scope": "ne",
"trust": 0.3,
"vendor": "moonchild",
"version": "20.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.6"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.14"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"_id": null,
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "19.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.12"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.11"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.12"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.28"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"_id": null,
"model": "h3c s7500e series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "seamonkey beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.4"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.512"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.8"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.11"
},
{
"_id": null,
"model": "browser avant browser build",
"scope": "eq",
"trust": 0.3,
"vendor": "avant",
"version": "201317"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux enterprise server sp1 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.19"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"_id": null,
"model": "thunderbird esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.9"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.3"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.7"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.12"
},
{
"_id": null,
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "19.0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10"
},
{
"_id": null,
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.6"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"_id": null,
"model": "scale out network attached storage",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.21-20"
},
{
"_id": null,
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.020"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.14"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.2"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"_id": null,
"model": "productions pale moon",
"scope": "eq",
"trust": 0.3,
"vendor": "moonchild",
"version": "19.0.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "firefox esr",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.12"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.14"
},
{
"_id": null,
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.1.16"
},
{
"_id": null,
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.19"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.99"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.14"
},
{
"_id": null,
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
}
],
"sources": [
{
"db": "BID",
"id": "58837"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "NVD",
"id": "CVE-2013-0793"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mozilla:firefox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:firefox_esr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:seamonkey",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:thunderbird",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mozilla:thunderbird_esr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
}
]
},
"credits": {
"_id": null,
"data": "Mariusz Mlynski",
"sources": [
{
"db": "BID",
"id": "58837"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0793",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-0793",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0793",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-0793",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-047",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "NVD",
"id": "CVE-2013-0793"
}
]
},
"description": {
"_id": null,
"data": "Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross-site scripting vulnerability. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nNote: This issue was previously discussed in BID 58818 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-30 through -40 Multiple Vulnerabilities), but has been moved to its own record to better document it. \nThe issue is fixed in:\nFirefox 20.0\nFirefox ESR 17.0.5\nThunderbird 17.0.5\nThunderbird ESR 17.0.5\nSeaMonkey 2.17. ============================================================================\nUbuntu Security Notice USN-1786-2\nApril 04, 2013\n\nunity-firefox-extension update\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.10\n\nSummary:\n\nThis update provides a compatible version of Unity Firefox Extension for\nFirefox 20. \n\nSoftware Description:\n- unity-firefox-extension: Unity Integration for Firefox\n\nDetails:\n\nUSN-1786-1 fixed vulnerabilities in Firefox. (CVE-2013-0788, CVE-2013-0789)\n \n Ambroz Bizjak discovered an out-of-bounds array read in the\n CERT_DecodeCertPackage function of the Network Security Services (NSS)\n libary when decoding certain certificates. An attacker could potentially\n exploit this to cause a denial of service via application crash. \n (CVE-2013-0791)\n \n Tobias Schula discovered an information leak in Firefox when the\n gfx.color_management.enablev4 preference is enabled. If the user were\n tricked into opening a specially crafted image, an attacker could\n potentially exploit this to steal confidential data. By default, the\n gfx.color_management.enablev4 preference is not enabled in Ubuntu. \n (CVE-2013-0792)\n \n Mariusz Mlynski discovered that timed history navigations could be used to\n load arbitrary websites with the wrong URL displayed in the addressbar. (CVE-2013-0793)\n \n It was discovered that the origin indication on tab-modal dialog boxes\n could be removed, which could allow an attacker\u0027s dialog to be displayed\n over another sites content. An attacker could exploit this to conduct\n phishing attacks. (CVE-2013-0794)\n \n Cody Crews discovered that the cloneNode method could be used to\n bypass System Only Wrappers (SOW) to clone a protected node and bypass\n same-origin policy checks. (CVE-2013-0795)\n \n A crash in WebGL rendering was discovered in Firefox. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201309-23\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: September 27, 2013\n Bugs: #450940, #458390, #460818, #464226, #469868, #474758,\n #479968, #485258\n ID: 201309-23\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, and SeaMonkey, some of which may allow a remote user to\nexecute arbitrary code. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. Please review the CVE identifiers\nreferenced below for details. Further, a remote attacker could conduct\nXSS attacks, spoof URLs, bypass address space layout randomization,\nconduct clickjacking attacks, obtain potentially sensitive information,\nbypass access restrictions, modify the local filesystem, or conduct\nother unspecified attacks. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-17.0.9\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-17.0.9\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-17.0.9\"=\n\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-17.0.9\"\n\nAll SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.21\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.21\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-0744\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0744\n[ 2 ] CVE-2013-0745\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0745\n[ 3 ] CVE-2013-0746\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0746\n[ 4 ] CVE-2013-0747\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0747\n[ 5 ] CVE-2013-0748\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0748\n[ 6 ] CVE-2013-0749\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0749\n[ 7 ] CVE-2013-0750\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0750\n[ 8 ] CVE-2013-0751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0751\n[ 9 ] CVE-2013-0752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0752\n[ 10 ] CVE-2013-0753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0753\n[ 11 ] CVE-2013-0754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0754\n[ 12 ] CVE-2013-0755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0755\n[ 13 ] CVE-2013-0756\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0756\n[ 14 ] CVE-2013-0757\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0757\n[ 15 ] CVE-2013-0758\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0758\n[ 16 ] CVE-2013-0759\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0759\n[ 17 ] CVE-2013-0760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0760\n[ 18 ] CVE-2013-0761\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0761\n[ 19 ] CVE-2013-0762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0762\n[ 20 ] CVE-2013-0763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0763\n[ 21 ] CVE-2013-0764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0764\n[ 22 ] CVE-2013-0765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0765\n[ 23 ] CVE-2013-0766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0766\n[ 24 ] CVE-2013-0767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0767\n[ 25 ] CVE-2013-0768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0768\n[ 26 ] CVE-2013-0769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0769\n[ 27 ] CVE-2013-0770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0770\n[ 28 ] CVE-2013-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0771\n[ 29 ] CVE-2013-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0772\n[ 30 ] CVE-2013-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0773\n[ 31 ] CVE-2013-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0774\n[ 32 ] CVE-2013-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0775\n[ 33 ] CVE-2013-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0776\n[ 34 ] CVE-2013-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0777\n[ 35 ] CVE-2013-0778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0778\n[ 36 ] CVE-2013-0779\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0779\n[ 37 ] CVE-2013-0780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0780\n[ 38 ] CVE-2013-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0781\n[ 39 ] CVE-2013-0782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0782\n[ 40 ] CVE-2013-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0783\n[ 41 ] CVE-2013-0784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0784\n[ 42 ] CVE-2013-0787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0787\n[ 43 ] CVE-2013-0788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0788\n[ 44 ] CVE-2013-0789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0789\n[ 45 ] CVE-2013-0791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0791\n[ 46 ] CVE-2013-0792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0792\n[ 47 ] CVE-2013-0793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0793\n[ 48 ] CVE-2013-0794\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0794\n[ 49 ] CVE-2013-0795\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0795\n[ 50 ] CVE-2013-0796\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0796\n[ 51 ] CVE-2013-0797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0797\n[ 52 ] CVE-2013-0799\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0799\n[ 53 ] CVE-2013-0800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0800\n[ 54 ] CVE-2013-0801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0801\n[ 55 ] CVE-2013-1670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1670\n[ 56 ] CVE-2013-1671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1671\n[ 57 ] CVE-2013-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1674\n[ 58 ] CVE-2013-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1675\n[ 59 ] CVE-2013-1676\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1676\n[ 60 ] CVE-2013-1677\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1677\n[ 61 ] CVE-2013-1678\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1678\n[ 62 ] CVE-2013-1679\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1679\n[ 63 ] CVE-2013-1680\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1680\n[ 64 ] CVE-2013-1681\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1681\n[ 65 ] CVE-2013-1682\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1682\n[ 66 ] CVE-2013-1684\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1684\n[ 67 ] CVE-2013-1687\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1687\n[ 68 ] CVE-2013-1690\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1690\n[ 69 ] CVE-2013-1692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1692\n[ 70 ] CVE-2013-1693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1693\n[ 71 ] CVE-2013-1694\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1694\n[ 72 ] CVE-2013-1697\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1697\n[ 73 ] CVE-2013-1701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1701\n[ 74 ] CVE-2013-1702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1702\n[ 75 ] CVE-2013-1704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1704\n[ 76 ] CVE-2013-1705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1705\n[ 77 ] CVE-2013-1707\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1707\n[ 78 ] CVE-2013-1708\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1708\n[ 79 ] CVE-2013-1709\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1709\n[ 80 ] CVE-2013-1710\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1710\n[ 81 ] CVE-2013-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1711\n[ 82 ] CVE-2013-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1712\n[ 83 ] CVE-2013-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1713\n[ 84 ] CVE-2013-1714\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1714\n[ 85 ] CVE-2013-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1717\n[ 86 ] CVE-2013-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1718\n[ 87 ] CVE-2013-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1719\n[ 88 ] CVE-2013-1720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1720\n[ 89 ] CVE-2013-1722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1722\n[ 90 ] CVE-2013-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1723\n[ 91 ] CVE-2013-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1724\n[ 92 ] CVE-2013-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1725\n[ 93 ] CVE-2013-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1726\n[ 94 ] CVE-2013-1728\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1728\n[ 95 ] CVE-2013-1730\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1730\n[ 96 ] CVE-2013-1732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1732\n[ 97 ] CVE-2013-1735\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1735\n[ 98 ] CVE-2013-1736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1736\n[ 99 ] CVE-2013-1737\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1737\n[ 100 ] CVE-2013-1738\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1738\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201309-23.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: firefox security update\nAdvisory ID: RHSA-2013:0696-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0696.html\nIssue date: 2013-04-02\nCVE Names: CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 \n CVE-2013-0796 CVE-2013-0800 \n=====================================================================\n\n1. Summary:\n\nUpdated firefox packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox. \n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2013-0788)\n\nA flaw was found in the way Same Origin Wrappers were implemented in\nFirefox. (CVE-2013-0795)\n\nA flaw was found in the embedded WebGL library in Firefox. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox. \nNote: This issue only affected systems using the Intel Mesa graphics\ndrivers. (CVE-2013-0796)\n\nAn out-of-bounds write flaw was found in the embedded Cairo library in\nFirefox. A web page containing malicious content could cause Firefox to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox. (CVE-2013-0800)\n\nA flaw was found in the way Firefox handled the JavaScript history\nfunctions. A malicious site could cause a web page to be displayed that has\na baseURI pointing to a different site, allowing cross-site scripting (XSS)\nand phishing attacks. (CVE-2013-0793)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. \nUpstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian\nHoller, Milan Sreckovic, Joe Drew, Cody Crews, miaubiz, Abhishek Arya, and\nMariusz Mlynski as the original reporters of these issues. \n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 17.0.5 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum. \n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 17.0.5 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n946927 - CVE-2013-0788 Mozilla: Miscellaneous memory safety hazards (rv:17.0.5) (MFSA 2013-30)\n946929 - CVE-2013-0800 Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)\n946931 - CVE-2013-0796 Mozilla: WebGL crash with Mesa graphics driver on Linux (MFSA 2013-35)\n946932 - CVE-2013-0795 Mozilla: Bypass of SOW protections allows cloning of protected nodes (MFSA 2013-36)\n946935 - CVE-2013-0793 Mozilla: Cross-site scripting (XSS) using timed history navigations (MFSA 2013-38)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm\n\ni386:\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\n\nx86_64:\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.x86_64.rpm\nfirefox-17.0.5-1.el5_9.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm\n\ni386:\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\n\nx86_64:\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-devel-17.0.5-1.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-17.0.5-1.el5_9.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/xulrunner-17.0.5-1.el5_9.src.rpm\n\ni386:\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\n\nia64:\nfirefox-17.0.5-1.el5_9.ia64.rpm\nfirefox-17.0.5-1.el5_9.ia64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.ia64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.ia64.rpm\nxulrunner-17.0.5-1.el5_9.ia64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ia64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ia64.rpm\nxulrunner-devel-17.0.5-1.el5_9.ia64.rpm\nxulrunner-devel-17.0.5-1.el5_9.ia64.rpm\n\nppc:\nfirefox-17.0.5-1.el5_9.ppc.rpm\nfirefox-17.0.5-1.el5_9.ppc.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.ppc.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.ppc.rpm\nxulrunner-17.0.5-1.el5_9.ppc.rpm\nxulrunner-17.0.5-1.el5_9.ppc64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ppc64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.ppc64.rpm\nxulrunner-devel-17.0.5-1.el5_9.ppc.rpm\nxulrunner-devel-17.0.5-1.el5_9.ppc64.rpm\n\ns390x:\nfirefox-17.0.5-1.el5_9.s390.rpm\nfirefox-17.0.5-1.el5_9.s390.rpm\nfirefox-17.0.5-1.el5_9.s390x.rpm\nfirefox-17.0.5-1.el5_9.s390x.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.s390.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.s390.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.s390x.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.s390x.rpm\nxulrunner-17.0.5-1.el5_9.s390.rpm\nxulrunner-17.0.5-1.el5_9.s390x.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.s390x.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.s390x.rpm\nxulrunner-devel-17.0.5-1.el5_9.s390.rpm\nxulrunner-devel-17.0.5-1.el5_9.s390x.rpm\n\nx86_64:\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.i386.rpm\nfirefox-17.0.5-1.el5_9.x86_64.rpm\nfirefox-17.0.5-1.el5_9.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.i386.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-17.0.5-1.el5_9.i386.rpm\nxulrunner-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.i386.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el5_9.x86_64.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.i386.rpm\nxulrunner-devel-17.0.5-1.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\n\nx86_64:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\n\nx86_64:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\nx86_64:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\n\nppc64:\nfirefox-17.0.5-1.el6_4.ppc.rpm\nfirefox-17.0.5-1.el6_4.ppc.rpm\nfirefox-17.0.5-1.el6_4.ppc64.rpm\nfirefox-17.0.5-1.el6_4.ppc64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.ppc.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.ppc.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.ppc64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-17.0.5-1.el6_4.ppc.rpm\nxulrunner-17.0.5-1.el6_4.ppc.rpm\nxulrunner-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm\n\ns390x:\nfirefox-17.0.5-1.el6_4.s390.rpm\nfirefox-17.0.5-1.el6_4.s390.rpm\nfirefox-17.0.5-1.el6_4.s390x.rpm\nfirefox-17.0.5-1.el6_4.s390x.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.s390.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.s390.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.s390x.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.s390x.rpm\nxulrunner-17.0.5-1.el6_4.s390.rpm\nxulrunner-17.0.5-1.el6_4.s390.rpm\nxulrunner-17.0.5-1.el6_4.s390x.rpm\nxulrunner-17.0.5-1.el6_4.s390x.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm\n\nx86_64:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\n\nppc64:\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-devel-17.0.5-1.el6_4.ppc.rpm\nxulrunner-devel-17.0.5-1.el6_4.ppc.rpm\nxulrunner-devel-17.0.5-1.el6_4.ppc64.rpm\nxulrunner-devel-17.0.5-1.el6_4.ppc64.rpm\n\ns390x:\nxulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.s390x.rpm\nxulrunner-devel-17.0.5-1.el6_4.s390.rpm\nxulrunner-devel-17.0.5-1.el6_4.s390.rpm\nxulrunner-devel-17.0.5-1.el6_4.s390x.rpm\nxulrunner-devel-17.0.5-1.el6_4.s390x.rpm\n\nx86_64:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/firefox-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\n\nx86_64:\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.i686.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.i686.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nfirefox-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.i686.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xulrunner-17.0.5-1.el6_4.src.rpm\n\ni386:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\n\nx86_64:\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.i686.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-debuginfo-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.i686.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\nxulrunner-devel-17.0.5-1.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-0788.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0793.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0795.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0796.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-0800.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRWzt5XlSAg2UNWIIRAobXAJ9/uirvEeOiGpegRbi/Fdtv9BRXUACeMYpK\ntaMjOQZpo7Ea1JPyhBWhy7M=\n=2sCd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nNote: All issues except CVE-2013-0800 cannot be exploited by a\nspecially-crafted HTML mail message as JavaScript is disabled by default\nfor mail messages. They could be exploited another way in Thunderbird, for\nexample, when viewing the full remote content of an RSS feed. A crafted PNG image could use this flaw to leak\n data through rendered images drawing from random memory. \n \n Security researcher Mariusz Mlynski reported a method to use browser\n navigations through history to load an arbitrary website with that\n page\u0026#039;s baseURI property pointing to another site instead of the\n seemingly loaded one. The user will continue to see the incorrect\n site in the addressbar of the browser. This allows violation of the browser\u0026#039;s same origin\n policy and could also lead to privilege escalation and the execution\n of arbitrary code (CVE-2013-0795). \n \n Security researcher miaubiz used the Address Sanitizer tool to\n discover a crash in WebGL rendering when memory is freed that has\n not previously been allocated. The resulting crash could be\n potentially exploitable (CVE-2013-0796). When certain values\n are passed to it during rendering, Cairo attempts to use negative\n boundaries or sizes for boxes, leading to a potentially exploitable\n crash in some instances (CVE-2013-0800). \n \n Mozilla developers identified and fixed several memory safety\n bugs in the browser engine used in Firefox and other Mozilla-based\n products. Some of these bugs showed evidence of memory corruption under\n certain circumstances, and we presume that with enough effort at least\n some of these could be exploited to run arbitrary code (CVE-2013-0788). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788\n http://www.mozilla.org/security/announce/2013/mfsa2013-39.html\n http://www.mozilla.org/security/announce/2013/mfsa2013-38.html\n http://www.mozilla.org/security/announce/2013/mfsa2013-36.html\n http://www.mozilla.org/security/announce/2013/mfsa2013-35.html\n http://www.mozilla.org/security/announce/2013/mfsa2013-31.html\n http://www.mozilla.org/security/announce/2013/mfsa2013-30.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 0db2c1631a956f6147230a099f1d2d68 mes5/i586/firefox-17.0.5-0.1mdvmes5.2.i586.rpm\n b6accdf420ac5eb3dbea29d283fff049 mes5/i586/firefox-af-17.0.5-0.1mdvmes5.2.i586.rpm\n a434d7ee9d360c2b555873e8c93aac2a mes5/i586/firefox-ar-17.0.5-0.1mdvmes5.2.i586.rpm\n 3b64b73c7cb465fee179b140656a065d mes5/i586/firefox-be-17.0.5-0.1mdvmes5.2.i586.rpm\n 967b03abad307a338d0709df85e1ec1e mes5/i586/firefox-bg-17.0.5-0.1mdvmes5.2.i586.rpm\n 715fef97490152afcea942e32d9f8fae mes5/i586/firefox-bn-17.0.5-0.1mdvmes5.2.i586.rpm\n 46bac62630e189f9d6f7f2d90a5e1c4e mes5/i586/firefox-ca-17.0.5-0.1mdvmes5.2.i586.rpm\n 64143512420338cc54a073be91ccbf9d mes5/i586/firefox-cs-17.0.5-0.1mdvmes5.2.i586.rpm\n ba627030e474fb62caf34b2280e2432f mes5/i586/firefox-cy-17.0.5-0.1mdvmes5.2.i586.rpm\n d2ba69795c243c8aad3e56f1ba3190b4 mes5/i586/firefox-da-17.0.5-0.1mdvmes5.2.i586.rpm\n 81473710741c44e227e930f512a890d7 mes5/i586/firefox-de-17.0.5-0.1mdvmes5.2.i586.rpm\n 7d787c3a0eabf7b514083f267037cbdd mes5/i586/firefox-devel-17.0.5-0.1mdvmes5.2.i586.rpm\n f279d611e9a8233cec0090439e0bbc30 mes5/i586/firefox-el-17.0.5-0.1mdvmes5.2.i586.rpm\n 5ad88edccb4a8cb75d58464ed2201e2a mes5/i586/firefox-en_GB-17.0.5-0.1mdvmes5.2.i586.rpm\n 7c2bdafe6cf1219d33df634b40ca7f33 mes5/i586/firefox-eo-17.0.5-0.1mdvmes5.2.i586.rpm\n 6e8e3cc43e1b5326d886780d5409ff57 mes5/i586/firefox-es_AR-17.0.5-0.1mdvmes5.2.i586.rpm\n 8608ba9849ea4f56ac60475ccfc3acd7 mes5/i586/firefox-es_ES-17.0.5-0.1mdvmes5.2.i586.rpm\n b6de17fad95679a08dfc420f51d5e0fa mes5/i586/firefox-et-17.0.5-0.1mdvmes5.2.i586.rpm\n 7d5281fe391c7bcbc4f49369e00ce6f0 mes5/i586/firefox-eu-17.0.5-0.1mdvmes5.2.i586.rpm\n dfacd04856fb4529fb0ebdabbad374f9 mes5/i586/firefox-fi-17.0.5-0.1mdvmes5.2.i586.rpm\n b98f1800a67f8fec9dcbca77edd41ac4 mes5/i586/firefox-fr-17.0.5-0.1mdvmes5.2.i586.rpm\n eed03047da1e7642f207cb8821dbd95f mes5/i586/firefox-fy-17.0.5-0.1mdvmes5.2.i586.rpm\n 3f110cc8c73665a709b97bf554b835cc mes5/i586/firefox-ga_IE-17.0.5-0.1mdvmes5.2.i586.rpm\n 0ad55037b7527a452626a84dade35f56 mes5/i586/firefox-gl-17.0.5-0.1mdvmes5.2.i586.rpm\n e0272d903a0f8b1c938dded3626ac89a mes5/i586/firefox-gu_IN-17.0.5-0.1mdvmes5.2.i586.rpm\n 6bdc9c6edcc036122d131b6bf5a341ec mes5/i586/firefox-he-17.0.5-0.1mdvmes5.2.i586.rpm\n 8fd0ad163782a228e9176f1618dbae2f mes5/i586/firefox-hi-17.0.5-0.1mdvmes5.2.i586.rpm\n cef589c92b95defd03297a43a4a65e65 mes5/i586/firefox-hu-17.0.5-0.1mdvmes5.2.i586.rpm\n 6a4e24d1c59f774cab7ea341dedde5e5 mes5/i586/firefox-id-17.0.5-0.1mdvmes5.2.i586.rpm\n 617d63908bfa91b171a5e40acdfbb058 mes5/i586/firefox-is-17.0.5-0.1mdvmes5.2.i586.rpm\n 89d72f5231e362ffbcb74c5ebd9d2789 mes5/i586/firefox-it-17.0.5-0.1mdvmes5.2.i586.rpm\n 46e283185529cf7e3b55208e928d3e21 mes5/i586/firefox-ja-17.0.5-0.1mdvmes5.2.i586.rpm\n 9cb48d986cb94e843740461ccdc7e344 mes5/i586/firefox-kn-17.0.5-0.1mdvmes5.2.i586.rpm\n b4a30b6ae86cf07f9e15a5921ccf367c mes5/i586/firefox-ko-17.0.5-0.1mdvmes5.2.i586.rpm\n 447af559ce4a0a7cd0ff00ad81466966 mes5/i586/firefox-ku-17.0.5-0.1mdvmes5.2.i586.rpm\n f16fa703cc4611f42ef618a2709467ce mes5/i586/firefox-lt-17.0.5-0.1mdvmes5.2.i586.rpm\n f2f05879c892085be5d0fa4e9c787ae7 mes5/i586/firefox-lv-17.0.5-0.1mdvmes5.2.i586.rpm\n f166cef7eeae485e939a9964df355ffe mes5/i586/firefox-mk-17.0.5-0.1mdvmes5.2.i586.rpm\n a2d9533d98cd613ff49ace2dd3c4aaaf mes5/i586/firefox-mr-17.0.5-0.1mdvmes5.2.i586.rpm\n 04e604773ab19ad5060c53d906c7d222 mes5/i586/firefox-nb_NO-17.0.5-0.1mdvmes5.2.i586.rpm\n ea691e1ecd5cfac906a077614841100f mes5/i586/firefox-nl-17.0.5-0.1mdvmes5.2.i586.rpm\n 0b7dac86ef507b78504a6f507d2b82b6 mes5/i586/firefox-nn_NO-17.0.5-0.1mdvmes5.2.i586.rpm\n b5a1616579bd3804eb500a75aa9b040e mes5/i586/firefox-pa_IN-17.0.5-0.1mdvmes5.2.i586.rpm\n abca5b749f468af02e0d94e2c8b00ac1 mes5/i586/firefox-pl-17.0.5-0.1mdvmes5.2.i586.rpm\n 2585fe186ebb3b81ae4e3b4c4ed73442 mes5/i586/firefox-pt_BR-17.0.5-0.1mdvmes5.2.i586.rpm\n 416bbd1fc256861429b3fd78f7d83ef1 mes5/i586/firefox-pt_PT-17.0.5-0.1mdvmes5.2.i586.rpm\n 3d66426c2548c0ba2746c4c36a9db708 mes5/i586/firefox-ro-17.0.5-0.1mdvmes5.2.i586.rpm\n ae4fc0951b14c00d6656540e7d38e22e mes5/i586/firefox-ru-17.0.5-0.1mdvmes5.2.i586.rpm\n d323216cc380f286ff0c990062cdbd43 mes5/i586/firefox-si-17.0.5-0.1mdvmes5.2.i586.rpm\n a0edc229b50354a66d6c6152fc082395 mes5/i586/firefox-sk-17.0.5-0.1mdvmes5.2.i586.rpm\n 7d5edda5ddd9064dec3b85ecc7102f19 mes5/i586/firefox-sl-17.0.5-0.1mdvmes5.2.i586.rpm\n 277d4c09d495b4b8bb0c7e715761f267 mes5/i586/firefox-sq-17.0.5-0.1mdvmes5.2.i586.rpm\n 3d601400d0df895c73a5ebb064f4f016 mes5/i586/firefox-sr-17.0.5-0.1mdvmes5.2.i586.rpm\n f5f9e7bbe47f6fba7042f2bf5a61d28e mes5/i586/firefox-sv_SE-17.0.5-0.1mdvmes5.2.i586.rpm\n ec8dc022734c08dab5183405efa6d0c1 mes5/i586/firefox-te-17.0.5-0.1mdvmes5.2.i586.rpm\n 242b490062337f7f4f4b8169fb8c91d5 mes5/i586/firefox-th-17.0.5-0.1mdvmes5.2.i586.rpm\n 3f2fe42cd27e1c751513a561df7fb5a7 mes5/i586/firefox-tr-17.0.5-0.1mdvmes5.2.i586.rpm\n e5a6d7e6b9981687ca062526a14c7056 mes5/i586/firefox-uk-17.0.5-0.1mdvmes5.2.i586.rpm\n 8ad451f2a167af24160826bb6d054593 mes5/i586/firefox-zh_CN-17.0.5-0.1mdvmes5.2.i586.rpm\n 3d1c7ee791874a416ed2bf5847fa6ad7 mes5/i586/firefox-zh_TW-17.0.5-0.1mdvmes5.2.i586.rpm\n 0c338be36acdbe8c79655cfeac88627a mes5/i586/icedtea-web-1.3.1-0.3mdvmes5.2.i586.rpm\n 807123e3063f730d05282bf43f3dda6a mes5/i586/icedtea-web-javadoc-1.3.1-0.3mdvmes5.2.i586.rpm\n 7380860d463c5b198f74b592e51031f1 mes5/i586/libnspr4-4.9.6-0.1mdvmes5.2.i586.rpm\n 58137e16b3eb8e9655ceef99f4ec1fc7 mes5/i586/libnspr-devel-4.9.6-0.1mdvmes5.2.i586.rpm\n 6cb4ca4131bce6f48ff8d347ded8236d mes5/i586/libxulrunner17.0.5-17.0.5-0.1mdvmes5.2.i586.rpm\n 5c7ea7a5a52630606b7e71d61ac5c738 mes5/i586/libxulrunner-devel-17.0.5-0.1mdvmes5.2.i586.rpm\n 41f2f6022487aabc48b573620111b6b8 mes5/i586/xulrunner-17.0.5-0.1mdvmes5.2.i586.rpm \n 2a3a774ee0094a48cf108ed120ba227a mes5/SRPMS/firefox-17.0.5-0.1mdvmes5.2.src.rpm\n 58a810253d11b6af76cf1bcce6a3e7b4 mes5/SRPMS/firefox-l10n-17.0.5-0.1mdvmes5.2.src.rpm\n 5add3a80120b73f5ed97c9dd02837c58 mes5/SRPMS/icedtea-web-1.3.1-0.3mdvmes5.2.src.rpm\n 6d70b7e57cc741f0b587a1effee81fb4 mes5/SRPMS/nspr-4.9.6-0.1mdvmes5.2.src.rpm\n d7f835773038004ff8995ef676f8397e mes5/SRPMS/xulrunner-17.0.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 352b4b9c3ec49226611acfff2586132d mes5/x86_64/firefox-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 29388b8d4da203e932710f8b98630932 mes5/x86_64/firefox-af-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 35c9f59f4ce87eb7c64b89e60220ebb3 mes5/x86_64/firefox-ar-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 204c1013d7e6d3925a73ff3c62ce6c14 mes5/x86_64/firefox-be-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 43fdfdbedaf5a13fe6396775731a1835 mes5/x86_64/firefox-bg-17.0.5-0.1mdvmes5.2.x86_64.rpm\n d800fa786bef5538692c6b8fffb2f1b3 mes5/x86_64/firefox-bn-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 74cb34c33f9d0f070338dd49332bbdd1 mes5/x86_64/firefox-ca-17.0.5-0.1mdvmes5.2.x86_64.rpm\n fca54be2cf51319542bca20cedf9dff6 mes5/x86_64/firefox-cs-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 10b6de867fa24ab60c419fd9b314723c mes5/x86_64/firefox-cy-17.0.5-0.1mdvmes5.2.x86_64.rpm\n eb67b095d7490b5bc24c85bc8652fed9 mes5/x86_64/firefox-da-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 7761e055af6b87172b2a05f9dc671d99 mes5/x86_64/firefox-de-17.0.5-0.1mdvmes5.2.x86_64.rpm\n b4ede22d5b768e082d47d2702fb71221 mes5/x86_64/firefox-devel-17.0.5-0.1mdvmes5.2.x86_64.rpm\n a359d0468b6217c59eb88771f2e799b2 mes5/x86_64/firefox-el-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 4e58ae7627f5d6d0ba4d7c215c252611 mes5/x86_64/firefox-en_GB-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 777062d66c8b57c59dc72c60bcade5aa mes5/x86_64/firefox-eo-17.0.5-0.1mdvmes5.2.x86_64.rpm\n c2b069c9c0105d85c5946f542204a7c7 mes5/x86_64/firefox-es_AR-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 2a39a098a5b39dee19347f18c033f8c5 mes5/x86_64/firefox-es_ES-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 412516e1b5a4b4b8b3a7eaf8d2b7806e mes5/x86_64/firefox-et-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 5225e8ac59ee14a9fe5653e8afaa96b4 mes5/x86_64/firefox-eu-17.0.5-0.1mdvmes5.2.x86_64.rpm\n e91755da5dc3a6481ef5fd87b66dc2b3 mes5/x86_64/firefox-fi-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 6c3c9ffddeb301345539516a2128870b mes5/x86_64/firefox-fr-17.0.5-0.1mdvmes5.2.x86_64.rpm\n f90bff71593d02e29a6801fb30196522 mes5/x86_64/firefox-fy-17.0.5-0.1mdvmes5.2.x86_64.rpm\n e36128274f24c1e3a905c6834dbd3431 mes5/x86_64/firefox-ga_IE-17.0.5-0.1mdvmes5.2.x86_64.rpm\n c1d8d7d3060a4a63ecf56e516d704322 mes5/x86_64/firefox-gl-17.0.5-0.1mdvmes5.2.x86_64.rpm\n fce3e57a97a18461e6784f27c9b5f982 mes5/x86_64/firefox-gu_IN-17.0.5-0.1mdvmes5.2.x86_64.rpm\n d567bdbe94970ce762fbbec34566271e mes5/x86_64/firefox-he-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 68a74e20c4ee64127e275d443052a0aa mes5/x86_64/firefox-hi-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 65eeb5076b7e049d2212f88e8e3a5d2b mes5/x86_64/firefox-hu-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 7906c9372d2db0981a0f1fc5d068781f mes5/x86_64/firefox-id-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 39174043fdecada0715aae758b111931 mes5/x86_64/firefox-is-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 391b93959169588a74801efb2baeb048 mes5/x86_64/firefox-it-17.0.5-0.1mdvmes5.2.x86_64.rpm\n de1e0b1e3b0e2c1b91b3b9d8250b042d mes5/x86_64/firefox-ja-17.0.5-0.1mdvmes5.2.x86_64.rpm\n c465364f97f2c2cb891ff5866f7b2048 mes5/x86_64/firefox-kn-17.0.5-0.1mdvmes5.2.x86_64.rpm\n dd25c3ffde3ac083a3bd439855ab9e66 mes5/x86_64/firefox-ko-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 0af917c3141a800843563b56e634e4b9 mes5/x86_64/firefox-ku-17.0.5-0.1mdvmes5.2.x86_64.rpm\n d17896516e04d7b2483c449c07018c1a mes5/x86_64/firefox-lt-17.0.5-0.1mdvmes5.2.x86_64.rpm\n e7925f0f39dd9cc0be8e390ff5b2511a mes5/x86_64/firefox-lv-17.0.5-0.1mdvmes5.2.x86_64.rpm\n aa7dada147bc0ee6e14de44582148245 mes5/x86_64/firefox-mk-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 12eeadd008b58a4c51c396a3296c6876 mes5/x86_64/firefox-mr-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 6043540a8e8edd39b06c8dbde4bbac6a mes5/x86_64/firefox-nb_NO-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 0967142165225c2d0cde356bdf91af38 mes5/x86_64/firefox-nl-17.0.5-0.1mdvmes5.2.x86_64.rpm\n fe4d07e0a85ee4cf0a3ed65c4a24e561 mes5/x86_64/firefox-nn_NO-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 18c355a3a4ecbed10dd933a2c0cee658 mes5/x86_64/firefox-pa_IN-17.0.5-0.1mdvmes5.2.x86_64.rpm\n fdb47ab94213fde94caca5c0e956ad0a mes5/x86_64/firefox-pl-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 26659783f49eb63504f8240af15c46ef mes5/x86_64/firefox-pt_BR-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 003887926df53eea9cd2c728ce2f2613 mes5/x86_64/firefox-pt_PT-17.0.5-0.1mdvmes5.2.x86_64.rpm\n f26a734cc64f5630d5763501789af036 mes5/x86_64/firefox-ro-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 2055c8a4b5ab208de8bb7fc03df6f6ad mes5/x86_64/firefox-ru-17.0.5-0.1mdvmes5.2.x86_64.rpm\n eb5a279167efdded2ec946f1174885da mes5/x86_64/firefox-si-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 0884722ce24c5dc947a1693b72ab87a8 mes5/x86_64/firefox-sk-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 9ec578bd6111680976755026eee9736f mes5/x86_64/firefox-sl-17.0.5-0.1mdvmes5.2.x86_64.rpm\n d3ed346a9201d1c43ec0addd91404407 mes5/x86_64/firefox-sq-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 7a3c688c303f03f13d370e078ef527d8 mes5/x86_64/firefox-sr-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 679acfed547f9ed80a7515a4ac955990 mes5/x86_64/firefox-sv_SE-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 94bf66782b9ffd747482d41526527b5f mes5/x86_64/firefox-te-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 9b37e1edaa79527f9bb7159e39be108c mes5/x86_64/firefox-th-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 2a6557c6d334dc4020f3cd2ba2235a0d mes5/x86_64/firefox-tr-17.0.5-0.1mdvmes5.2.x86_64.rpm\n c95479524cf439150d838ecd163e7040 mes5/x86_64/firefox-uk-17.0.5-0.1mdvmes5.2.x86_64.rpm\n aa31ef1321eff4e86d98acfac020fb25 mes5/x86_64/firefox-zh_CN-17.0.5-0.1mdvmes5.2.x86_64.rpm\n d539dfb331ec70a69828f7665686d9b0 mes5/x86_64/firefox-zh_TW-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 2028cbbf55353a75366c9cb191efd67c mes5/x86_64/icedtea-web-1.3.1-0.3mdvmes5.2.x86_64.rpm\n 734ae27edc8c1026bca9947d70fd3fb7 mes5/x86_64/icedtea-web-javadoc-1.3.1-0.3mdvmes5.2.x86_64.rpm\n be78699f862f4a1d199248510e20ce1b mes5/x86_64/lib64nspr4-4.9.6-0.1mdvmes5.2.x86_64.rpm\n f62ab4de8ca959c4ff3990c92ea2427b mes5/x86_64/lib64nspr-devel-4.9.6-0.1mdvmes5.2.x86_64.rpm\n e94bbf818cfa59f67f7e5e75daf2726d mes5/x86_64/lib64xulrunner17.0.5-17.0.5-0.1mdvmes5.2.x86_64.rpm\n aecb7c59434a3330e7cb64bb6e7d902c mes5/x86_64/lib64xulrunner-devel-17.0.5-0.1mdvmes5.2.x86_64.rpm\n 531f21b03dbffa6024943663c1ba9e64 mes5/x86_64/xulrunner-17.0.5-0.1mdvmes5.2.x86_64.rpm \n 2a3a774ee0094a48cf108ed120ba227a mes5/SRPMS/firefox-17.0.5-0.1mdvmes5.2.src.rpm\n 58a810253d11b6af76cf1bcce6a3e7b4 mes5/SRPMS/firefox-l10n-17.0.5-0.1mdvmes5.2.src.rpm\n 5add3a80120b73f5ed97c9dd02837c58 mes5/SRPMS/icedtea-web-1.3.1-0.3mdvmes5.2.src.rpm\n 6d70b7e57cc741f0b587a1effee81fb4 mes5/SRPMS/nspr-4.9.6-0.1mdvmes5.2.src.rpm\n d7f835773038004ff8995ef676f8397e mes5/SRPMS/xulrunner-17.0.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFRZBk1mqjQ0CJFipgRAplSAJ44faYKLDitsBC24gBnRhdQycVEmgCgq1FV\nwMd/SGhxwMMZZ8YXJEH7z9g=\n=83zI\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0793"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "BID",
"id": "58837"
},
{
"db": "PACKETSTORM",
"id": "121086"
},
{
"db": "PACKETSTORM",
"id": "121085"
},
{
"db": "PACKETSTORM",
"id": "121133"
},
{
"db": "PACKETSTORM",
"id": "123420"
},
{
"db": "PACKETSTORM",
"id": "121049"
},
{
"db": "PACKETSTORM",
"id": "121050"
},
{
"db": "PACKETSTORM",
"id": "121190"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-0793",
"trust": 3.4
},
{
"db": "BID",
"id": "58837",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "52830",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "52293",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "52888",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "52831",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "52770",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "121086",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121133",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121049",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121190",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "58837"
},
{
"db": "PACKETSTORM",
"id": "121086"
},
{
"db": "PACKETSTORM",
"id": "121085"
},
{
"db": "PACKETSTORM",
"id": "121133"
},
{
"db": "PACKETSTORM",
"id": "123420"
},
{
"db": "PACKETSTORM",
"id": "121049"
},
{
"db": "PACKETSTORM",
"id": "121050"
},
{
"db": "PACKETSTORM",
"id": "121190"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "NVD",
"id": "CVE-2013-0793"
}
]
},
"id": "VAR-201304-0062",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2026-04-10T23:21:40.444000Z",
"patch": {
"_id": null,
"data": [
{
"title": "DSA-2699",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2699"
},
{
"title": "MFSA2013-38",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-38.html"
},
{
"title": "MFSA2013-38",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2013/mfsa2013-38.html"
},
{
"title": "openSUSE-SU-2013:0630",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"title": "openSUSE-SU-2013:0631",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"title": "SUSE-SU-2013:0645",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
},
{
"title": "SUSE-SU-2013:0850",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"title": "openSUSE-SU-2013:0875",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"
},
{
"title": "RHSA-2013:0697",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-0697.html"
},
{
"title": "RHSA-2013:0696",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-0696.html"
},
{
"title": "USN-1791-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-1791-1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "NVD",
"id": "CVE-2013-0793"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-38.html"
},
{
"trust": 1.6,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=803870"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-1791-1"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0696.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0697.html"
},
{
"trust": 1.0,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16928"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2013/dsa-2699"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/58837"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0793"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0793"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0793"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0796"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0795"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0800"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52293"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52770"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52830"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52831"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52888"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0788"
},
{
"trust": 0.3,
"url": "http://www.avantbrowser.com/new.aspx?uil=en-us#13000000107"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/projects/seamonkey/"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/products/thunderbird/"
},
{
"trust": 0.3,
"url": "http://www.palemoon.org/releasenotes-ng.shtml"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0676"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100172166"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004390"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0794"
},
{
"trust": 0.2,
"url": "https://launchpad.net/bugs/1161422"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-1786-1"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0788.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0796.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0800.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0795.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-0793.html"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1786-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/unity-firefox-extension/2.4.4-0ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0789"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/20.0+build1-0ubuntu0.12.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/20.0+build1-0ubuntu0.11.10.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/20.0+build1-0ubuntu0.12.10.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/20.0+build1-0ubuntu0.10.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.12.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.10.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/17.0.5+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1162043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0761"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0800"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0789"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0756"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0750"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0761"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1675"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1736"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0797"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1692"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1711"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0746"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0752"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1722"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0759"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0780"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1697"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0757"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0793"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0782"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1705"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0757"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1737"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0794"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1681"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0748"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1725"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1701"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1670"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0749"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1702"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1687"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1713"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1714"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0745"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0756"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1682"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0748"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1724"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1674"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1709"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0747"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1707"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0758"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1738"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1679"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1680"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0745"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1720"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1684"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1693"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1710"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0764"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0788"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201309-23.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0755"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1694"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1726"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1723"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1678"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1717"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1735"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0758"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0746"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1728"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1677"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1704"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0774"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1708"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/known-vulnerabilities/firefoxesr.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0792"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-36.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0788"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-30.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-35.html"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-39.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0795"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0800"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-31.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0796"
}
],
"sources": [
{
"db": "BID",
"id": "58837"
},
{
"db": "PACKETSTORM",
"id": "121086"
},
{
"db": "PACKETSTORM",
"id": "121085"
},
{
"db": "PACKETSTORM",
"id": "121133"
},
{
"db": "PACKETSTORM",
"id": "123420"
},
{
"db": "PACKETSTORM",
"id": "121049"
},
{
"db": "PACKETSTORM",
"id": "121050"
},
{
"db": "PACKETSTORM",
"id": "121190"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
},
{
"db": "NVD",
"id": "CVE-2013-0793"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "58837",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121086",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121085",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121133",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123420",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121049",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121050",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121190",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002129",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-0793",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-04-02T00:00:00",
"db": "BID",
"id": "58837",
"ident": null
},
{
"date": "2013-04-05T01:58:43",
"db": "PACKETSTORM",
"id": "121086",
"ident": null
},
{
"date": "2013-04-05T01:58:28",
"db": "PACKETSTORM",
"id": "121085",
"ident": null
},
{
"date": "2013-04-08T21:11:50",
"db": "PACKETSTORM",
"id": "121133",
"ident": null
},
{
"date": "2013-09-27T22:24:30",
"db": "PACKETSTORM",
"id": "123420",
"ident": null
},
{
"date": "2013-04-02T14:35:00",
"db": "PACKETSTORM",
"id": "121049",
"ident": null
},
{
"date": "2013-04-02T14:37:00",
"db": "PACKETSTORM",
"id": "121050",
"ident": null
},
{
"date": "2013-04-10T01:24:07",
"db": "PACKETSTORM",
"id": "121190",
"ident": null
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-047",
"ident": null
},
{
"date": "2013-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002129",
"ident": null
},
{
"date": "2013-04-03T11:56:21.150000",
"db": "NVD",
"id": "CVE-2013-0793",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-04-13T22:14:00",
"db": "BID",
"id": "58837",
"ident": null
},
{
"date": "2013-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-047",
"ident": null
},
{
"date": "2013-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002129",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-0793",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "123420"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "plural Mozilla Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002129"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-047"
}
],
"trust": 0.6
}
}
CVE-2026-5734 (GCVE-0-2026-5734)
Vulnerability from nvd – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9.1 , ≤ 140.*
(rpm)
Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T03:55:30.963374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:20:27.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:34.677Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5734",
"datePublished": "2026-04-07T12:43:14.833Z",
"dateReserved": "2026-04-07T12:43:14.328Z",
"dateUpdated": "2026-04-13T13:51:34.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5732 (GCVE-0-2026-5732)
Vulnerability from nvd – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-190 - Integer Overflow or Wraparound
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9.1 , ≤ 140.*
(rpm)
Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:28:39.207668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:29:05.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:28.140Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Incorrect boundary conditions, integer overflow in the Graphics: Text component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5732",
"datePublished": "2026-04-07T12:43:12.829Z",
"dateReserved": "2026-04-07T12:43:12.349Z",
"dateUpdated": "2026-04-13T13:51:28.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5731 (GCVE-0-2026-5731)
Vulnerability from nvd – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34.1 , ≤ 115.*
(rpm)
Unaffected: 140.9.1 , ≤ 140.* (rpm) Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:32.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:32.565Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021894%2C2022225%2C2022252%2C2022294%2C2023007%2C2023130%2C2023191%2C2023364%2C2023829%2C2024074%2C2024417%2C2024433%2C2024436%2C2024437%2C2024453%2C2024461%2C2024462%2C2024472%2C2024474%2C2024477%2C2025364%2C2025401%2C2025402%2C2025472%2C2026287%2C2026299%2C2026305%2C2026426"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5731",
"datePublished": "2026-04-07T12:43:11.895Z",
"dateReserved": "2026-04-07T12:43:11.413Z",
"dateUpdated": "2026-04-13T13:51:32.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4721 (GCVE-0-2026-4721)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:11.360250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:09:23.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christian Holler, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:21.639Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4721",
"datePublished": "2026-03-24T12:30:44.312Z",
"dateReserved": "2026-03-23T23:22:42.445Z",
"dateUpdated": "2026-04-13T13:51:21.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4720 (GCVE-0-2026-4720)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4720",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:10.337285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:10:13.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christian Holler, Gabriele Svelto, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:17.655Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4720",
"datePublished": "2026-03-24T12:30:43.271Z",
"dateReserved": "2026-03-23T23:22:41.974Z",
"dateUpdated": "2026-04-13T13:51:17.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4719 (GCVE-0-2026-4719)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:08:12.648684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:16.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:15.420Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics: Text component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4719",
"datePublished": "2026-03-24T12:30:42.762Z",
"dateReserved": "2026-03-23T23:22:39.782Z",
"dateUpdated": "2026-04-13T13:51:15.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4718 (GCVE-0-2026-4718)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51- CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:11:07.322179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-758",
"description": "CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:21.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:12.032Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Undefined behavior in the WebRTC: Signaling component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4718",
"datePublished": "2026-03-24T12:30:42.279Z",
"dateReserved": "2026-03-23T23:22:37.804Z",
"dateUpdated": "2026-04-13T13:51:12.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4717 (GCVE-0-2026-4717)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:09.242900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:11:11.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Satoki Tsuji"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:03.533Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Privilege escalation in the Netmonitor component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4717",
"datePublished": "2026-03-24T12:30:40.175Z",
"dateReserved": "2026-03-23T23:22:35.771Z",
"dateUpdated": "2026-04-13T13:51:03.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4716 (GCVE-0-2026-4716)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:51- CWE-908 - Use of Uninitialized Resource
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:24:14.555574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:33.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Pwn2addr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:01.318Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4716",
"datePublished": "2026-03-24T12:30:39.453Z",
"dateReserved": "2026-03-23T23:22:33.703Z",
"dateUpdated": "2026-04-13T13:51:01.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4715 (GCVE-0-2026-4715)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-908 - Use of Uninitialized Resource
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4715",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:34:24.461807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:39.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jun Yang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:59.102Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Uninitialized memory in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4715",
"datePublished": "2026-03-24T12:30:38.831Z",
"dateReserved": "2026-03-23T23:22:31.885Z",
"dateUpdated": "2026-04-13T13:50:59.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4714 (GCVE-0-2026-4714)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:10:07.067081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:10:36.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:56.854Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Audio/Video component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4714",
"datePublished": "2026-03-24T12:30:38.311Z",
"dateReserved": "2026-03-23T23:22:29.882Z",
"dateUpdated": "2026-04-13T13:50:56.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4713 (GCVE-0-2026-4713)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:13:05.618870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:13:37.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:54.808Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4713",
"datePublished": "2026-03-24T12:30:37.800Z",
"dateReserved": "2026-03-23T23:22:27.865Z",
"dateUpdated": "2026-04-13T13:50:54.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4712 (GCVE-0-2026-4712)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:49:31.267492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:08:03.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Josh Aas"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:52.664Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017666"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Information disclosure in the Widget: Cocoa component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4712",
"datePublished": "2026-03-24T12:30:37.333Z",
"dateReserved": "2026-03-23T23:22:25.868Z",
"dateUpdated": "2026-04-13T13:50:52.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4711 (GCVE-0-2026-4711)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-416 - Use After Free
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:25:02.389182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:25:17.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Josh Aas"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:48.884Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017002"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Use-after-free in the Widget: Cocoa component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4711",
"datePublished": "2026-03-24T12:30:36.392Z",
"dateReserved": "2026-03-23T23:22:23.818Z",
"dateUpdated": "2026-04-13T13:50:48.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4710 (GCVE-0-2026-4710)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:52:46.444267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:54:06.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:46.845Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Audio/Video component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4710",
"datePublished": "2026-03-24T12:30:35.852Z",
"dateReserved": "2026-03-23T23:22:21.623Z",
"dateUpdated": "2026-04-13T13:50:46.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4709 (GCVE-0-2026-4709)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:27:39.259980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:27:43.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:44.839Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Audio/Video: GMP component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4709",
"datePublished": "2026-03-24T12:30:35.375Z",
"dateReserved": "2026-03-23T23:22:19.524Z",
"dateUpdated": "2026-04-13T13:50:44.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4708 (GCVE-0-2026-4708)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:28:54.434329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:31:36.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:42.608Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4708",
"datePublished": "2026-03-24T12:30:34.423Z",
"dateReserved": "2026-03-23T23:22:17.660Z",
"dateUpdated": "2026-04-13T13:50:42.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4707 (GCVE-0-2026-4707)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:37:12.279405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:44.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:40.488Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4707",
"datePublished": "2026-03-24T12:30:33.906Z",
"dateReserved": "2026-03-23T23:22:15.462Z",
"dateUpdated": "2026-04-13T13:50:40.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4706 (GCVE-0-2026-4706)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:38:16.757316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:49.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jun Yang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:38.452Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4706",
"datePublished": "2026-03-24T12:30:33.263Z",
"dateReserved": "2026-03-23T23:22:13.686Z",
"dateUpdated": "2026-04-13T13:50:38.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4705 (GCVE-0-2026-4705)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:38:48.900474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-758",
"description": "CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:54.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:36.275Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Undefined behavior in the WebRTC: Signaling component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4705",
"datePublished": "2026-03-24T12:30:32.731Z",
"dateReserved": "2026-03-23T23:22:11.844Z",
"dateUpdated": "2026-04-13T13:50:36.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4704 (GCVE-0-2026-4704)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:50:26.794152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T18:08:08.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:34.107Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Denial-of-service in the WebRTC: Signaling component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4704",
"datePublished": "2026-03-24T12:30:32.214Z",
"dateReserved": "2026-03-23T23:22:09.666Z",
"dateUpdated": "2026-04-13T13:50:34.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4702 (GCVE-0-2026-4702)
Vulnerability from nvd – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:50- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:48:14.570163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:50:15.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:50:24.307Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "JIT miscompilation in the JavaScript Engine component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4702",
"datePublished": "2026-03-24T12:30:30.743Z",
"dateReserved": "2026-03-23T23:22:07.529Z",
"dateUpdated": "2026-04-13T13:50:24.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5734 (GCVE-0-2026-5734)
Vulnerability from cvelistv5 – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9.1 , ≤ 140.*
(rpm)
Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T03:55:30.963374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:20:27.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:34.677Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5734",
"datePublished": "2026-04-07T12:43:14.833Z",
"dateReserved": "2026-04-07T12:43:14.328Z",
"dateUpdated": "2026-04-13T13:51:34.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5732 (GCVE-0-2026-5732)
Vulnerability from cvelistv5 – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-190 - Integer Overflow or Wraparound
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9.1 , ≤ 140.*
(rpm)
Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:28:39.207668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:29:05.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:28.140Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017867"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Incorrect boundary conditions, integer overflow in the Graphics: Text component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5732",
"datePublished": "2026-04-07T12:43:12.829Z",
"dateReserved": "2026-04-07T12:43:12.349Z",
"dateUpdated": "2026-04-13T13:51:28.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5731 (GCVE-0-2026-5731)
Vulnerability from cvelistv5 – Published: 2026-04-07 12:43 – Updated: 2026-04-13 13:51- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34.1 , ≤ 115.*
(rpm)
Unaffected: 140.9.1 , ≤ 140.* (rpm) Unaffected: 149.0.2 , ≤ * (rpm) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:32.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149.0.2",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"value": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:32.565Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021894%2C2022225%2C2022252%2C2022294%2C2023007%2C2023130%2C2023191%2C2023364%2C2023829%2C2024074%2C2024417%2C2024433%2C2024436%2C2024437%2C2024453%2C2024461%2C2024462%2C2024472%2C2024474%2C2024477%2C2025364%2C2025401%2C2025402%2C2025472%2C2026287%2C2026299%2C2026305%2C2026426"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-5731",
"datePublished": "2026-04-07T12:43:11.895Z",
"dateReserved": "2026-04-07T12:43:11.413Z",
"dateUpdated": "2026-04-13T13:51:32.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}