Vulnerability Name:

CVE-2008-0415 (CCN-40360)

Assigned:2008-02-07
Published:2008-02-07
Updated:2018-10-15
Summary:Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Netscape Web site
Release Notes: What's New in Netscape Navigator 9.0.0.6

Source: CONFIRM
Type: UNKNOWN
http://browser.netscape.com/releasenotes/

Source: MITRE
Type: CNA
CVE-2008-0415

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:008

Source: CCN
Type: RHSA-2008-0103
Critical: firefox security update

Source: CCN
Type: RHSA-2008-0104
Critical: seamonkey security update

Source: CCN
Type: RHSA-2008-0105
Moderate: thunderbird security update

Source: SECUNIA
Type: UNKNOWN
28754

Source: CCN
Type: SA28758
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28758

Source: SECUNIA
Type: UNKNOWN
28766

Source: CCN
Type: SA28808
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28808

Source: CCN
Type: SA28815
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28815

Source: SECUNIA
Type: UNKNOWN
28818

Source: SECUNIA
Type: UNKNOWN
28839

Source: SECUNIA
Type: UNKNOWN
28864

Source: SECUNIA
Type: UNKNOWN
28865

Source: SECUNIA
Type: UNKNOWN
28877

Source: SECUNIA
Type: UNKNOWN
28879

Source: SECUNIA
Type: UNKNOWN
28924

Source: SECUNIA
Type: UNKNOWN
28939

Source: SECUNIA
Type: UNKNOWN
28958

Source: CCN
Type: SA29049
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29049

Source: SECUNIA
Type: UNKNOWN
29086

Source: SECUNIA
Type: UNKNOWN
29098

Source: SECUNIA
Type: UNKNOWN
29164

Source: SECUNIA
Type: UNKNOWN
29167

Source: SECUNIA
Type: UNKNOWN
29211

Source: SECUNIA
Type: UNKNOWN
29567

Source: SECUNIA
Type: UNKNOWN
30327

Source: CCN
Type: SA30620
Sun Solaris Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30620

Source: CCN
Type: SA31043
Sun Solaris Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31043

Source: CCN
Type: SECTRACK ID: 1019327
Mozilla Firefox JavaScript Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2008-061-01

Source: SUNALERT
Type: UNKNOWN
238492

Source: SUNALERT
Type: UNKNOWN
239546

Source: CCN
Type: Sun Alert ID: 238492
Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to Unauthorized Data

Source: CCN
Type: Sun Alert ID: 239546
Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS)

Source: CCN
Type: ASA-2008-058
thunderbird security update (RHSA-2008-0105)

Source: CCN
Type: ASA-2008-059
firefox security update (RHSA-2008-0103)

Source: CCN
Type: ASA-2008-101
seamonkey security update (RHSA-2008-0104)

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0051

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0093

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

Source: DEBIAN
Type: UNKNOWN
DSA-1484

Source: DEBIAN
Type: UNKNOWN
DSA-1485

Source: DEBIAN
Type: UNKNOWN
DSA-1489

Source: DEBIAN
Type: UNKNOWN
DSA-1506

Source: DEBIAN
Type: DSA-1484
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1485
icedove -- several vulnerabilities

Source: DEBIAN
Type: DSA-1489
iceweasel -- several vulnerabilities

Source: DEBIAN
Type: DSA-1506
iceape -- several vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200805-18

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:048

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:062

Source: CCN
Type: MFSA 2008-03
Privilege escalation, XSS, Remote Code Execution

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2008/mfsa2008-03.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0103

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0104

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0105

Source: BUGTRAQ
Type: UNKNOWN
20080209 rPSA-2008-0051-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20080212 FLEA-2008-0001-1 firefox

Source: BUGTRAQ
Type: UNKNOWN
20080229 rPSA-2008-0093-1 thunderbird

Source: BID
Type: UNKNOWN
27683

Source: CCN
Type: BID-27683
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019327

Source: CCN
Type: USN-576-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-576-1

Source: CCN
Type: USN-582-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-582-1

Source: CCN
Type: USN-582-2
Thunderbird regression

Source: UBUNTU
Type: UNKNOWN
USN-582-2

Source: VUPEN
Type: UNKNOWN
ADV-2008-0453

Source: VUPEN
Type: UNKNOWN
ADV-2008-0454

Source: VUPEN
Type: UNKNOWN
ADV-2008-0627

Source: VUPEN
Type: UNKNOWN
ADV-2008-1793

Source: VUPEN
Type: UNKNOWN
ADV-2008-2091

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597

Source: XF
Type: UNKNOWN
mozilla-chrome-privilege-escalation(40360)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1995

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9897

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1435

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1459

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-1535

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2060

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2118

Source: SUSE
Type: SUSE-SA:2008:008
Mozilla Firefox and Seamonkey Security Problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 2.0.0.11)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version <= 1.1.7)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 2.0.0.11)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:2008.5:*:*:*:*:*:x86:*
  • OR cpe:/o:sun:opensolaris:2008.5:*:*:*:*:*:sparc:*
  • OR cpe:/o:sun:opensolaris:build_snv_89:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_89:*:sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-0415 (CCN-40361)

    Assigned:2008-02-07
    Published:2008-02-07
    Updated:2018-10-15
    Summary:Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Type:CWE-79
    Vulnerability Consequences:Bypass Security
    References:Source: CCN
    Type: Netscape Web site
    Release Notes: What's New in Netscape Navigator 9.0.0.6

    Source: MITRE
    Type: CNA
    CVE-2008-0415

    Source: CCN
    Type: RHSA-2008-0103
    Critical: firefox security update

    Source: CCN
    Type: RHSA-2008-0104
    Critical: seamonkey security update

    Source: CCN
    Type: RHSA-2008-0105
    Moderate: thunderbird security update

    Source: CCN
    Type: SA28758
    Mozilla Firefox Multiple Vulnerabilities

    Source: CCN
    Type: SA28808
    Mozilla Thunderbird Multiple Vulnerabilities

    Source: CCN
    Type: SA28815
    Mozilla SeaMonkey Multiple Vulnerabilities

    Source: CCN
    Type: SA29049
    Netscape Multiple Vulnerabilities

    Source: CCN
    Type: SA30620
    Sun Solaris Firefox Multiple Vulnerabilities

    Source: CCN
    Type: SA31043
    Sun Solaris Thunderbird Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1019327
    Mozilla Firefox JavaScript Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code

    Source: CCN
    Type: Sun Alert ID: 238492
    Multiple Security Vulnerabilities in Solaris 10 Firefox may Allow Execution of Arbitrary Code and Access to Unauthorized Data

    Source: CCN
    Type: Sun Alert ID: 239546
    Security Vulnerabilities in Thunderbird for Solaris May Result in Privilege Escalation or Cross-Site Scripting (XSS)

    Source: CCN
    Type: ASA-2008-058
    thunderbird security update (RHSA-2008-0105)

    Source: CCN
    Type: ASA-2008-059
    firefox security update (RHSA-2008-0103)

    Source: CCN
    Type: ASA-2008-101
    seamonkey security update (RHSA-2008-0104)

    Source: DEBIAN
    Type: DSA-1484
    xulrunner -- several vulnerabilities

    Source: DEBIAN
    Type: DSA-1485
    icedove -- several vulnerabilities

    Source: DEBIAN
    Type: DSA-1489
    iceweasel -- several vulnerabilities

    Source: DEBIAN
    Type: DSA-1506
    iceape -- several vulnerabilities

    Source: CCN
    Type: MFSA 2008-03
    Privilege escalation, XSS, Remote Code Execution

    Source: CCN
    Type: BID-27683
    Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities

    Source: CCN
    Type: USN-576-1
    Firefox vulnerabilities

    Source: CCN
    Type: USN-582-1
    Thunderbird vulnerabilities

    Source: CCN
    Type: USN-582-2
    Thunderbird regression

    Source: XF
    Type: UNKNOWN
    mozilla-xmldocumentload-security-bypass(40361)

    Source: SUSE
    Type: SUSE-SA:2008:008
    Mozilla Firefox and Seamonkey Security Problems

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080415
    V
    		CVE-2008-0415
    2022-06-30
    oval:org.opensuse.security:def:42260
    P
    		Security update for yaml-cpp (Moderate)
    2022-04-01
    oval:org.opensuse.security:def:111899
    P
    		MozillaFirefox-92.0-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:113434
    P
    		seamonkey-2.53.9.1-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:31755
    P
    		Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:32252
    P
    		Security update for chrony (Moderate)
    2021-12-22
    oval:org.opensuse.security:def:31321
    P
    		Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:31320
    P
    		Security update for MozillaFirefox (Important)
    2021-12-12
    oval:org.opensuse.security:def:26179
    P
    		Security update for gmp (Moderate)
    2021-12-02
    oval:org.opensuse.security:def:31698
    P
    		Security update for transfig (Important)
    2021-10-29
    oval:org.opensuse.security:def:33034
    P
    		Security update for opensc (Important)
    2021-10-29
    oval:org.opensuse.security:def:31293
    P
    		Security update for postgresql10 (Important)
    2021-10-20
    oval:org.opensuse.security:def:32203
    P
    		Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:106835
    P
    		seamonkey-2.53.9.1-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:105476
    P
    		MozillaFirefox-92.0-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:31687
    P
    		Security update for sqlite3 (Important)
    2021-09-23
    oval:org.opensuse.security:def:26135
    P
    		Security update for hivex (Moderate)
    2021-09-23
    oval:org.opensuse.security:def:26121
    P
    		Security update for ntfs-3g_ntfsprogs (Important)
    2021-09-07
    oval:org.opensuse.security:def:32995
    P
    		Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:26115
    P
    		Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:32147
    P
    		Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-07-21
    oval:org.opensuse.security:def:32140
    P
    		Security update for MozillaFirefox (Important)
    2021-07-16
    oval:org.opensuse.security:def:26082
    P
    		Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:31212
    P
    		Security update for ovmf (Important)
    2021-06-22
    oval:org.opensuse.security:def:36362
    P
    		MozillaFirefox-devel-31.7.0esr-0.8.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42478
    P
    		MozillaFirefox-31.7.0esr-0.8.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36071
    P
    		MozillaFirefox-31.7.0esr-0.8.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31630
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:31623
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:26046
    P
    		Security update for libxml2 (Moderate)
    2021-05-05
    oval:org.opensuse.security:def:42065
    P
    		Security update for permissions (Important)
    2021-05-04
    oval:org.opensuse.security:def:32074
    P
    		Security update for MozillaFirefox (Important)
    2021-04-27
    oval:org.opensuse.security:def:26033
    P
    		Security update for ImageMagick (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:31350
    P
    		Security update for python-cryptography (Important)
    2021-03-02
    oval:org.opensuse.security:def:31737
    P
    		Security update for python-cryptography (Important)
    2021-03-02
    oval:org.opensuse.security:def:31736
    P
    		Security update for MozillaFirefox (Important)
    2021-03-01
    oval:org.opensuse.security:def:26197
    P
    		Security update for postgresql13 (Moderate)
    2021-02-22
    oval:org.opensuse.security:def:26196
    P
    		Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:31344
    P
    		Security update for java-1_7_1-ibm (Important)
    2021-02-18
    oval:org.opensuse.security:def:31332
    P
    		Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:31649
    P
    		Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:31201
    P
    		Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:32096
    P
    		Security update for dnsmasq (Important)
    2021-01-19
    oval:org.opensuse.security:def:25985
    P
    		Security update for gimp (Moderate)
    2020-12-29
    oval:org.opensuse.security:def:25980
    P
    		Security update for MozillaFirefox (Critical)
    2020-12-21
    oval:org.opensuse.security:def:35515
    P
    		MozillaFirefox-3.5.9-0.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35658
    P
    		MozillaFirefox-10.0-0.3.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41922
    P
    		MozillaFirefox-3.5.9-0.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35853
    P
    		MozillaFirefox-17.0.4esr-0.10.42 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25987
    P
    		Security update for the Linux Kernel (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25635
    P
    		Security update for tigervnc (Critical)
    2020-12-01
    oval:org.opensuse.security:def:27325
    P
    		xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31138
    P
    		Security update for lcms
    2020-12-01
    oval:org.opensuse.security:def:25962
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25888
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:31946
    P
    		Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31538
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32313
    P
    		Security update for quagga (Important)
    2020-12-01
    oval:org.opensuse.security:def:25210
    P
    		Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25941
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32623
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25620
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31437
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26338
    P
    		Security update for Chromium (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25285
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:26623
    P
    		pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25632
    P
    		Security update for aspell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25408
    P
    		Security update for sane-backends (Important)
    2020-12-01
    oval:org.opensuse.security:def:31792
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26396
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:30984
    P
    		Security update for icu (Important)
    2020-12-01
    oval:org.opensuse.security:def:25688
    P
    		Security update for systemd (Important)
    2020-12-01
    oval:org.opensuse.security:def:31930
    P
    		Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31759
    P
    		Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:25824
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25643
    P
    		Security update for hunspell (Low)
    2020-12-01
    oval:org.opensuse.security:def:27069
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25066
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:31069
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25829
    P
    		Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25784
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:32441
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26253
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25078
    P
    		Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:31436
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26250
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25842
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25404
    P
    		Security update for spice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26488
    P
    		Security update for cacti, cacti-spine (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32817
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25911
    P
    		Security update for gstreamer-plugins-base (Low)
    2020-12-01
    oval:org.opensuse.security:def:25270
    P
    		Security update for libxslt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31580
    P
    		Security update for syslog-ng (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26629
    P
    		perl-Tk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26515
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25479
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31904
    P
    		Security update for foomatic-filters (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31841
    P
    		Security update for bzip2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26817
    P
    		rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25923
    P
    		Security update for util-linux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25551
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:31986
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26687
    P
    		e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31127
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25905
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31902
    P
    		Security update for MozillaFirefox, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:31537
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25786
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32291
    P
    		Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27360
    P
    		MozillaFirefox-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25209
    P
    		Security update for mutt (Important)
    2020-12-01
    oval:org.opensuse.security:def:25927
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32584
    P
    		ntp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31549
    P
    		Security update for screen (Low)
    2020-12-01
    oval:org.opensuse.security:def:26299
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32357
    P
    		Security update for squid3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25221
    P
    		Security update for sysstat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26541
    P
    		evince on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25621
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25351
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31593
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26352
    P
    		Security update for Mozilla Thunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30983
    P
    		Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25413
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31774
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26658
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25696
    P
    		Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:25492
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32035
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27034
    P
    		stunnel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30995
    P
    		Security update for jasper (Important)
    2020-12-01
    oval:org.opensuse.security:def:25745
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31803
    P
    		Security update for amanda (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25067
    P
    		Security update for libjpeg-turbo (Important)
    2020-12-01
    oval:org.opensuse.security:def:25798
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:32480
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25403
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    		Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26337
    P
    		Security update for freexl (Low)
    2020-12-01
    oval:org.opensuse.security:def:32778
    P
    		pyxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25142
    P
    		Security update for wget (Important)
    2020-12-01
    oval:org.opensuse.security:def:31493
    P
    		Security update for python
    2020-12-01
    oval:org.opensuse.security:def:26590
    P
    		libmusicbrainz4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26480
    P
    		Security update for okular (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25415
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31847
    P
    		Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25912
    P
    		Security update for zziplib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25494
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26643
    P
    		systemtap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31126
    P
    		Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25607
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31991
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:31880
    P
    		Security update for dhcpcd (Important)
    2020-12-01
    oval:org.opensuse.security:def:26852
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:17244
    P
    		USN-582-2 -- mozilla-thunderbird
    2014-07-21
    oval:org.mitre.oval:def:17594
    P
    		USN-582-1 -- mozilla-thunderbird, thunderbird vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:17533
    P
    		USN-576-1 -- firefox vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:7909
    P
    		DSA-1489 iceweasel -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20267
    P
    		DSA-1484-1 xulrunner - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18417
    P
    		DSA-1485-2 icedove - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7914
    P
    		DSA-1485 icedove -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18434
    P
    		DSA-1489-1 iceweasel - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8000
    P
    		DSA-1484 xulrunner -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20074
    P
    		DSA-1506-1 iceape - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8162
    P
    		DSA-1506 iceape -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:21756
    P
    		ELSA-2008:0105: thunderbird security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22437
    P
    		ELSA-2008:0103: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:9897
    V
    		Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
    2013-04-29
    oval:com.redhat.rhsa:def:20080103
    P
    		RHSA-2008:0103: firefox security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20080104
    P
    		RHSA-2008:0104: seamonkey security update (Critical)
    2008-03-20
    oval:com.redhat.rhsa:def:20080105
    P
    		RHSA-2008:0105: thunderbird security update (Critical)
    2008-02-27
    oval:org.debian:def:1506
    V
    		several vulnerabilities
    2008-02-24
    oval:org.debian:def:1485
    V
    		several vulnerabilities
    2008-02-10
    oval:org.debian:def:1489
    V
    		several vulnerabilities
    2008-02-10
    oval:org.debian:def:1484
    V
    		several vulnerabilities
    2008-02-10
    BACK
    mozilla firefox *
    mozilla seamonkey *
    mozilla thunderbird *
    mozilla firefox 2.0
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0.0.3
    mozilla firefox 2.0.0.4
    netscape navigator 9.0
    mozilla firefox 2.0.0.5
    mozilla thunderbird 2.0.0.5
    mozilla seamonkey 1.1.3
    mozilla firefox 2.0.0.6
    mozilla firefox 2.0.0.9
    mozilla thunderbird 2.0.0.4
    mozilla thunderbird 2.0.0.3
    mozilla thunderbird 2.0.0.2
    mozilla thunderbird 2.0.0.1
    mozilla seamonkey 1.1.2
    mozilla seamonkey 1.1.1
    mozilla firefox 2.0.0.7
    mozilla thunderbird 2.0.0.6
    mozilla thunderbird 2.0.0.7
    mozilla seamonkey 1.1.4
    mozilla firefox 2.0.0.8
    mozilla seamonkey 1.1.5
    mozilla seamonkey 1.1.6
    mozilla firefox 2.0.0.11
    mozilla thunderbird 2.0.0.9
    mozilla firefox 2.0 beta1
    mozilla firefox 2.0 rc2
    mozilla firefox 2.0 rc3
    mozilla firefox 2.0.0.10
    mozilla thunderbird 2.0.0.0
    mozilla thunderbird 2.0.0.11
    mozilla thunderbird 2.0.0.8
    mozilla seamonkey 1.1
    mozilla seamonkey 1.1.7
    mozilla seamonkey 1.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse novell linux pos 9
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    sun opensolaris 2008.5
    sun opensolaris 2008.5
    sun opensolaris build_snv_89
    sun opensolaris build_snv_89