The installed version of Firefox is earlier than 3.0.16.  Such versions are potentially affected by the following security issues :

  - Multiple crashes can result in arbitrary code execution.
    (MFSA 2009-65)

  - The NTLM implementation is vulnerable to reflection     attacks in which NTLM credentials from one application     can be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities exist.     (MFSA 2009-69)

  - A content window which is opened by a chrome window     retains a reference to the chrome window via the     'window.opener' property, which can lead to privilege     escalation. (MFSA 2009-70)

  - The exception messages generated by the     'GeckoActiveXObject' differ based on whether or not the     requested COM object's ProgID is present in the system     registry. (MFSA 2009-71)

Security issues were identified and fixed in firefox 3.5.x :

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to memory safety issues. (CVE-2009-3388)

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions (CVE-2009-3389).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980).

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3982).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986).

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987).

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,       Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information,       bypass restrictions and protection mechanisms, force file downloads,       conduct XML injection attacks, conduct XSS attacks, bypass the Same       Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical       scroll, spoof the location bar, spoof an SSL indicator, modify the       browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified       impact.
    A local attacker could gain escalated privileges, obtain sensitive       information, or replace an arbitrary downloaded file.
  Workaround :

    There is no known workaround at this time.

The installed version of Firefox is 3.5.x earlier than 3.5.6.  Such versions are potentially affected by the following security issues :

  - Multiple crashes can result in arbitrary code     execution. (MFSA 2009-65)

  - Multiple vulnerabilities in 'liboggplay' can lead to     arbitrary code execution. (MFSA 2009-66)

  - An integer overflow in the 'Theora' video library can     lead to a crash or the execution of arbitrary code.     (MFSA 2009-67)

  - The NTLM implementation is vulnerable to reflection     attacks in which NTLM credentials from one application     can be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities exist.     (MFSA 2009-69)

  - A content window which is opened by a chrome window     retains a reference to the chrome window via the     'window.opener' property, which can lead to privilege     escalation. (MFSA 2009-70)

  - The exception messages generated by the     'GeckoActiveXObject' differ based on whether or not the     requested COM object's ProgID is present in the system     registry. (MFSA 2009-71)

The installed version of SeaMonkey is earlier than 2.0.1.  Such versions are potentially affected by the following security issues :

  - Multiple crashes can result in arbitrary code execution.     (MFSA 2009-65)

  - Multiple vulnerabilities in 'liboggplay' can lead to     arbitrary code execution. (MFSA 2009-66)

  - An integer overflow in the 'Theora' video library can     lead to a crash or the execution of arbitrary code.
    (MFSA 2009-67)

  - The NTLM implementation is vulnerable to reflection     attacks in which NTLM credentials from one application     can be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities exist.
    (MFSA 2009-69)

  - A content window which is opened by a chrome window     retains a reference to the chrome window via the     'window.opener' property, which can lead to privilege     escalation. (MFSA 2009-70)

  - The exception messages generated by the     'GeckoActiveXObject' differ based on whether or not the     requested COM object's ProgID is present in the system     registry. (MFSA 2009-71)

Security issues were identified and fixed in firefox 3.0.x :

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980).

Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3981).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986).

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

The Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues.

The following issues were fixed :

  - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with     evidence of memory corruption (1.9.0.16)

  - MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection     vulnerability

  - MFSA 2009-69/CVE-2009-3984/CVE-2009-3985     (bmo#521461,bmo#514232) Location bar spoofing     vulnerabilities

  - MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege     escalation via chrome window.opener

  - MFSA 2009-71/CVE-2009-3987: COM object enumeration only     affects Windows operating systems.

The remote host is running a version of SeaMonkey earlier than 2.0.1.  Such versions are potentially affected by multiple vulnerabilities : 

  - Multiple crashes that could result in arbitrary code execution. (MFSA 2009-65)

  - Multiple vulnerabilities in 'liboggplay'  which could lead to arbitrary code execution.  Note that this only affects the 3.5.x branch. (MFSA 2009-66)

  - An integer overflow in the 'Theora' video library which could lead to a crash or the execution of arbitrary code.  Note that this only affects the 3.5.x branch. (MFSA 2009-67)

  - The NTML implementation is vulnerable to reflection attacks in which NTML credentials from one application could be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities. (MFSA 2009-69)

  - A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property which could lead to a privilege escalation. (MFSA 2009-70)

  - The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)

The remote host is running a version of Mozilla Firefox earlier than 3.0.16 or 3.5.6.  Such versions are potentially affected by multiple vulnerabilities : 

 - Multiple crashes that could result in arbitrary code execution. (MFSA 2009-65)
 - Multiple vulnerabilities in 'liboggplay'  which could lead to arbitrary code execution.  Note that this only affects the 3.5.x branch. (MFSA 2009-66)
 - An integer overflow in the 'Theora' video library which could lead to a crash or the execution of arbitrary code.  Note that this only affects the 3.5.x branch. (MFSA 2009-67)
 - The NTML implementation is vulnerable to reflection attacks in which NTML credentials from one application could be forwarded to another application. (MFSA 2009-68)
 - Multiple location bar spoofing vulnerabilities. (MFSA 2009-69)
 - A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property which could lead to a privilege escalation. (MFSA 2009-70)
 - The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)



The remote host is running a version of Mozilla SeaMonkey earlier than 2.0.1.  Such versions are potentially affected by multiple vulnerabilities : 

  - Multiple crashes that could result in arbitrary code execution. (MFSA 2009-65)

  - Multiple vulnerabilities in 'liboggplay'  which could lead to arbitrary code execution.  Note that this only affects the 3.5.x branch. (MFSA 2009-66)

  - An integer overflow in the 'Theora' video library which could lead to a crash or the execution of arbitrary code.  Note that this only affects the 3.5.x branch. (MFSA 2009-67)

  - The NTML implementation is vulnerable to reflection attacks in which NTML credentials from one application could be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities. (MFSA 2009-69)

  - A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property which could lead to a privilege escalation. (MFSA 2009-70)

  - The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)

The remote host is running a version of Mozilla Firefox earlier than 3.0.16 or 3.5.6.  Such versions are potentially affected by multiple vulnerabilities : 

  - Multiple crashes that could result in arbitrary code execution. (MFSA 2009-65)

  - Multiple vulnerabilities in 'liboggplay'  which could lead to arbitrary code execution.  Note that this only affects the 3.5.x branch. (MFSA 2009-66)

  - An integer overflow in the 'Theora' video library which could lead to a crash or the execution of arbitrary code.  Note that this only affects the 3.5.x branch. (MFSA 2009-67)

  - The NTML implementation is vulnerable to reflection attacks in which NTML credentials from one application could be forwarded to another application. (MFSA 2009-68)

  - Multiple location bar spoofing vulnerabilities. (MFSA 2009-69)

  - A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property which could lead to a privilege escalation. (MFSA 2009-70)

  - The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)

ID	Name	Product	Family	Published	Updated	Severity
43173	Firefox < 3.0.16 Multiple Vulnerabilities	Nessus	Windows	12/16/2009	7/16/2018	high
48162	Mandriva Linux Security Advisory : firefox (MDVSA-2009:338)	Nessus	Mandriva Local Security Checks	7/30/2010	1/6/2021	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	1/8/2013	12/5/2022	critical
43174	Firefox 3.5 < 3.5.6 Multiple Vulnerabilities	Nessus	Windows	12/16/2009	7/16/2018	high
43175	SeaMonkey < 2.0.1 Multiple Vulnerabilities	Nessus	Windows	12/16/2009	7/27/2018	high
43394	Mandriva Linux Security Advisory : firefox (MDVSA-2009:339)	Nessus	Mandriva Local Security Checks	12/23/2009	1/6/2021	high
43619	openSUSE Security Update : seamonkey (seamonkey-1738)	Nessus	SuSE Local Security Checks	1/3/2010	1/14/2021	high
5265	SeaMonkey < 2.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	12/16/2009	3/6/2019	medium
5264	Mozilla Firefox < 3.0.16 / 3.5.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	12/16/2009	3/6/2019	medium
801360	Mozilla SeaMonkey < 2.0.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	12/16/2009		high
801369	Mozilla Firefox < 3.0.16 / 3.5.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	12/16/2009		high

Detections

Analytics

Plugins Search

high

high

critical

high

high

high

high

medium

medium

high

high