Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://rhn.redhat.com/errata/RHSA-2013-0271.html
http://rhn.redhat.com/errata/RHSA-2013-0272.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
http://www.ubuntu.com/usn/USN-1748-1
https://bugzilla.mozilla.org/show_bug.cgi?id=796475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
OR
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
74898 | openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1) | Nessus | SuSE Local Security Checks | critical |
70183 | GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
68733 | Oracle Linux 6 : thunderbird (ELSA-2013-0272) | Nessus | Oracle Linux Local Security Checks | high |
68732 | Oracle Linux 5 / 6 : firefox (ELSA-2013-0271) | Nessus | Oracle Linux Local Security Checks | high |
66766 | Debian DSA-2699-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
65598 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506) | Nessus | SuSE Local Security Checks | critical |
65175 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7447) | Nessus | SuSE Local Security Checks | critical |
64967 | Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2) | Nessus | Ubuntu Local Security Checks | critical |
64892 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1) | Nessus | Ubuntu Local Security Checks | critical |
801258 | Mozilla SeaMonkey < 2.16 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
6693 | SeaMonkey < 2.16 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
64779 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130219) | Nessus | Scientific Linux Local Security Checks | critical |
64777 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130219) | Nessus | Scientific Linux Local Security Checks | critical |
64729 | CentOS 5 / 6 : thunderbird (CESA-2013:0272) | Nessus | CentOS Local Security Checks | high |
801245 | Mozilla Thunderbird 17.x < 17.0.3 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
801233 | Mozilla Firefox 18.x <= 18 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
6692 | Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
6691 | Mozilla Firefox < 19.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
64726 | SeaMonkey < 2.16 Multiple Vulnerabilities | Nessus | Windows | critical |
64725 | Mozilla Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities | Nessus | Windows | critical |
64724 | Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities | Nessus | Windows | critical |
64723 | Firefox < 19.0 Multiple Vulnerabilities | Nessus | Windows | critical |
64722 | Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities | Nessus | Windows | critical |
64721 | Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
64720 | Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
64719 | Firefox 18.x Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
64718 | Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
64698 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1) | Nessus | Ubuntu Local Security Checks | critical |
64697 | RHEL 5 / 6 : thunderbird (RHSA-2013:0272) | Nessus | Red Hat Local Security Checks | high |
64696 | RHEL 5 / 6 : firefox (RHSA-2013:0271) | Nessus | Red Hat Local Security Checks | high |
64693 | FreeBSD : mozilla -- multiple vulnerabilities (e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02) | Nessus | FreeBSD Local Security Checks | high |
64692 | CentOS 5 / 6 : devhelp / firefox / libproxy / xulrunner / yelp (CESA-2013:0271) | Nessus | CentOS Local Security Checks | high |