Vulnerability CVE-2011-3670 - CERT Civis.Net

Vulnerability Name:

CVE-2011-3670 (CCN-72834)

Assigned:

2011-09-23

Published:

2012-01-31

Updated:

2017-12-29

Summary:

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.9 Low (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N)
2.1 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2011-3670

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0198

Source: SUSE
Type: UNKNOWN
SUSE-SU-2012:0221

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0234

Source: CCN
Type: RHSA-2012-0079
Critical: firefox security update

Source: CCN
Type: RHSA-2012-0080
Critical: thunderbird security update

Source: CCN
Type: RHSA-2012-0084
Critical: seamonkey security update

Source: CCN
Type: RHSA-2012-0085
Critical: thunderbird security update

Source: DEBIAN
Type: UNKNOWN
DSA-2400

Source: DEBIAN
Type: UNKNOWN
DSA-2402

Source: DEBIAN
Type: UNKNOWN
DSA-2406

Source: DEBIAN
Type: DSA-2400
iceweasel -- several vulnerabilities

Source: DEBIAN
Type: DSA-2402
iceape -- several vulnerabilities

Source: DEBIAN
Type: DSA-2406
icedove -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:013

Source: CCN
Type: MFSA 2012-02
Overly permissive IPv6 literal syntax

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-02.html

Source: CCN
Type: OSVDB ID: 78774
Mozilla Multiple Products IPv6 Proxy Generated XMLHttpRequest Object Handling Remote Information Disclosure

Source: CCN
Type: BID-51786
Mozilla Firefox IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=504014

Source: XF
Type: UNKNOWN
mozilla-ipv6literalsyntax-info-disc(72834)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14814

Vulnerable Configuration:

Configuration 1:

cpe:/a:mozilla:firefox:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.23:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:3.6.24:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 3.6.25)

Configuration 2:

cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:1.7.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.20:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.22:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:2.0.0.23:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1:-:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 3.1.7)

OR cpe:/a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:mozilla:firefox:4.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:6.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:*:beta3:*:*:*:*:*:* (Version <= 2.4)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 11:

cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 12:

cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 13:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 14:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 15:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:firefox:3.6:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:3.1:-:*:*:*:*:*:*

OR cpe:/a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42401	P	Security update for salt (Important)	2022-06-24
oval:org.opensuse.security:def:20113670	V	CVE-2011-3670	2022-05-22
oval:org.opensuse.security:def:26222	P	Security update for virglrenderer (Important) (in QA)	2022-01-17
oval:org.opensuse.security:def:26220	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:31723	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:32236	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:31711	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31712	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:32214	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:26145	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:26136	P	Security update for gd (Moderate)	2021-09-23
oval:org.opensuse.security:def:26120	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:31678	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:32175	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26081	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:26079	P	Security update for gupnp (Important)	2021-06-18
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26070	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36520	P	mozilla-xulrunner192-devel-1.9.2.27-0.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42652	P	mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36245	P	mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32918	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:32078	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32070	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:32280	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32957	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:26069	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:25969	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:35994	P	mozilla-xulrunner192-1.9.2.27-0.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31460	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26845	P	xorg-x11-libs-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31770	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:26275	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:25998	P	Security update for libreoffice (Important)	2020-12-01
oval:org.opensuse.security:def:26424	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:27208	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25543	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:26411	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:32487	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25828	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26787	P	nagios on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31546	P	Security update for sane-backends (Moderate)	2020-12-01
oval:org.opensuse.security:def:25806	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26992	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32021	P	Security update for kernel-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:26526	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26273	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25619	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:26699	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33208	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31461	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27483	P	libsmi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25794	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31827	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26319	P	Security update for kde-cli-tools5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31797	P	Recommended update for NetworkManager-kde4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32321	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:27243	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25544	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26495	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:32531	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25885	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26801	P	pcsc-ccid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26261	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25870	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26371	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26570	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26354	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32465	P	Security update for xorg-x11-libXv (Moderate)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:26748	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31472	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:27518	P	mozilla-xulrunner192-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26957	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31929	P	Security update for glib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26512	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:32377	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25555	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26646	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33169	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:14814	V	Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.	2014-10-06
oval:org.mitre.oval:def:15231	P	USN-1350-1 -- Thunderbird vulnerabilities	2014-06-30
oval:org.mitre.oval:def:15451	P	USN-1353-1 -- Xulrunnner vulnerabilities	2014-06-30
oval:org.mitre.oval:def:14983	P	DSA-2400-1 iceweasel -- several	2014-06-23
oval:org.mitre.oval:def:15283	P	DSA-2402-1 iceape -- several	2014-06-23
oval:org.mitre.oval:def:14959	P	DSA-2406-1 icedove -- several	2014-06-23
oval:org.mitre.oval:def:22851	P	ELSA-2012:0085: thunderbird security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23504	P	ELSA-2012:0079: firefox security update (Critical)	2014-05-26
oval:org.mitre.oval:def:23792	P	ELSA-2012:0080: thunderbird security update (Critical)	2014-05-26
oval:org.mitre.oval:def:20719	P	RHSA-2012:0079: firefox security update (Critical)	2014-02-24
oval:org.mitre.oval:def:20845	P	RHSA-2012:0080: thunderbird security update (Critical)	2014-02-24
oval:org.mitre.oval:def:21230	P	RHSA-2012:0085: thunderbird security update (Critical)	2014-02-24
oval:com.redhat.rhsa:def:20120079	P	RHSA-2012:0079: firefox security update (Critical)	2012-02-01
oval:com.ubuntu.precise:def:20113670000	V	CVE-2011-3670 on Ubuntu 12.04 LTS (precise) - low.	2012-02-01
oval:com.redhat.rhsa:def:20120084	P	RHSA-2012:0084: seamonkey security update (Critical)	2012-02-01
oval:com.redhat.rhsa:def:20120085	P	RHSA-2012:0085: thunderbird security update (Critical)	2012-02-01
oval:com.redhat.rhsa:def:20120080	P	RHSA-2012:0080: thunderbird security update (Critical)	2012-01-31