Vulnerability CVE-2009-1838 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1838 (CCN-51075)

Assigned:

2009-06-11

Published:

2009-06-11

Updated:

2018-10-30

Summary:

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1838

Source: OSVDB
Type: UNKNOWN
55157

Source: CCN
Type: RHSA-2009-1095
Critical: firefox security update

Source: CCN
Type: RHSA-2009-1096
Critical: seamonkey security update

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1096

Source: CCN
Type: RHSA-2009-1125
Moderate: thunderbird security update

Source: CCN
Type: RHSA-2009-1126
Moderate: thunderbird security update

Source: CCN
Type: SA35331
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35331

Source: SECUNIA
Type: UNKNOWN
35415

Source: SECUNIA
Type: Vendor Advisory
35428

Source: SECUNIA
Type: Vendor Advisory
35431

Source: CCN
Type: SA35439
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35439

Source: CCN
Type: SA35440
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35440

Source: SECUNIA
Type: UNKNOWN
35468

Source: SECUNIA
Type: UNKNOWN
35536

Source: SECUNIA
Type: UNKNOWN
35561

Source: SECUNIA
Type: UNKNOWN
35602

Source: SECUNIA
Type: UNKNOWN
35882

Source: CCN
Type: SECTRACK ID: 1022397
Mozilla Thunderbird Bugs Let Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2009-167-01

Source: SLACKWARE
Type: UNKNOWN
SSA:2009-176-01

Source: SUNALERT
Type: UNKNOWN
264308

Source: CCN
Type: ASA-2009-231
firefox security update (RHSA-2009-1095)

Source: CCN
Type: ASA-2009-232
seamonkey security update (RHSA-2009-1096)

Source: CCN
Type: ASA-2009-248
thunderbird security update (RHSA-2009-1126)

Source: CCN
Type: ASA-2009-250
thunderbird security update (RHSA-2009-1125)

Source: DEBIAN
Type: UNKNOWN
DSA-1820

Source: DEBIAN
Type: UNKNOWN
DSA-1830

Source: DEBIAN
Type: DSA-1820
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1830
icedove -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:141

Source: CCN
Type: MFSA 2009-29
Arbitrary code execution using event listeners attached to an element whose owner document is null

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html

Source: CCN
Type: OSVDB ID: 55157
Mozilla Multiple Products Garbage-collection Implementation Crafted Event Handler Privilege Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1125

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1126

Source: BID
Type: Patch
35326

Source: CCN
Type: BID-35326
RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through 32 Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
35383

Source: CCN
Type: BID-35383
Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022397

Source: SLACKWARE
Type: UNKNOWN
SSA:2009-178-01

Source: CCN
Type: USN-779-1
Firefox and Xulrunner vulnerabilities

Source: CCN
Type: USN-782-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-782-1

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1572

Source: CCN
Type: Bugzilla@Mozilla - Bug 489131
Arbitrary code execution using event listeners attached to an element whose owner document is null

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=489131

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=503580

Source: XF
Type: UNKNOWN
mozilla-eventlistener-code-execution(51075)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11080

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1095

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-7567

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-7614

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-6366

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-6411

Source: SUSE
Type: SUSE-SA:2009:034
Mozilla Firefox 3.0.11

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 3.0.10)

OR cpe:/a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version <= 1.1.16)

OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 2.0.0.19)

OR cpe:/a:mozilla:thunderbird:2.0_.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0_8:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::alpha:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::alpha:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1::beta:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

AND

cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091838	V	CVE-2009-1838	2022-05-20
oval:org.opensuse.security:def:31300	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:31168	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31748	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31692	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:31083	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:35614	P	mozilla-xulrunner190-1.9.0.19-0.1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31082	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:42021	P	mozilla-xulrunner190-1.9.0.19-0.1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26579	P	libMagickCore1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31797	P	Recommended update for NetworkManager-kde4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25591	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25165	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:31858	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:31392	P	Security update for pam-modules (Moderate)	2020-12-01
oval:org.opensuse.security:def:25177	P	Security update for mariadb-connector-c (Important)	2020-12-01
oval:org.opensuse.security:def:32540	P	krb5-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25883	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31536	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25369	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25941	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25507	P	Security update for git (Moderate)	2020-12-01
oval:org.opensuse.security:def:31094	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26614	P	mozilla-xulrunner190 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25742	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25166	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31902	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31449	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25241	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32579	P	mozilla-xulrunner190 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25897	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25450	P	Security update for bluez (Moderate)	2020-12-01
oval:org.mitre.oval:def:29183	P	RHSA-2009:1126 -- thunderbird security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:29396	P	RHSA-2009:1095 -- firefox security update (Critical)	2015-08-17
oval:org.mitre.oval:def:13939	P	USN-779-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14001	P	USN-782-1 -- thunderbird vulnerabilities	2014-06-30
oval:org.mitre.oval:def:8036	P	DSA-1830 icedove -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13378	P	DSA-1830-1 icedove -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7872	P	DSA-1820 xulrunner -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13425	P	DSA-1820-1 xulrunner -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22817	P	ELSA-2009:1095: firefox security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22628	P	ELSA-2009:1126: thunderbird security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:11080	V	The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.	2013-04-29
oval:org.debian:def:1830	V	several vulnerabilities	2009-07-12
oval:com.redhat.rhsa:def:20091125	P	RHSA-2009:1125: thunderbird security update (Moderate)	2009-06-25
oval:com.redhat.rhsa:def:20091126	P	RHSA-2009:1126: thunderbird security update (Moderate)	2009-06-25
oval:org.debian:def:1820	V	several vulnerabilities	2009-06-18
oval:com.redhat.rhsa:def:20091095	P	RHSA-2009:1095: firefox security update (Critical)	2009-06-11
oval:com.redhat.rhsa:def:20091096	P	RHSA-2009:1096: seamonkey security update (Critical)	2009-06-11