Mozilla XULRunner 已更新到 1.9.2.27 以修复嵌入式 libpng 的一个安全问题，该问题中的整数溢出可允许远程攻击者造成浏览器崩溃或者可能执行代码 (CVE-2011-3026)。

Versions of Mozilla Thunderbird 10.x prior to 10.0.2 are affected by an integer overflow error in 'libpng', a library used by this application. When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution. 

Versions of Firefox 10.x prior to 10.0.2 are affected by an integer overflow vulnerability. An integer overflow error exists in 'libpng', a library used by this application.  When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

Versions of SeaMonkey 2.x earlier than 2.7.2 are potentially affected by an integer overflow vulnerability in 'libpng', a library used by this application.  When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS prior to 6.0 are exposed to the following vulnerabilities :

  - Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that can allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)

  - Several issues exist related to 'CoreGraphics' and 'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144)

  - Numerous issues exist related to libxml and can lead to application crashes or arbitrary code execution. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919)

  - A stack-based buffer overflow exists related to 'locale ID' and 'International Components for Unicode' (ICU). (CVE-2011-4599)

  - An unitialized memory access issue exists related to 'Sorenson' encoded movie files and 'CoreMedia'. (CVE-2012-3722)

  - An URL handling issue exists related to 'CFNetwork' that can disclose sensitive information. (CVE-2012-3724)

  - The 'DNAv4' protocol discloses sensitive information when connecting to unencrypted Wi-Fi networks. (CVE-2012-3725)

  - A buffer overflow error exists related to 'IPSec' and 'racoon' configuration files. (CVE-2012-3727)

  - An invalid pointer dereference error exists related to the kernel and packet filter ioctls. (CVE-2012-3728)

  - An uninitialized memory access error exists related to the kernel and the Berkeley Packet Filter interpreter. (CVE-2012-3729)

  - Several issues exist related to 'Mail' and the handling of attachments and 'S/MIME' signed messages. (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)

  - Information disclosure issues exist related to 'Messages', 'Office Viewer', system logs, and 'UIKit'. (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, CVE-2012-3746)

  - Memory corruption errors exist related to 'OpenGL'. (CVE-2011-3457)

  - Numerous errors exist related to 'Passcode Lock'. (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)

  - An error exists in 'Restrictions' that can allow unauthorized purchases. (CVE-2012-3741)

  - Errors exist in 'Safari' that are related to misleading URL characters and password auto complete. (CVE-2012-3742, CVE-2012-0680)

  - A buffer overflow error exists related to 'Telephony' and SMS handling. (CVE-2012-3745)

  - Many errors exist related to the bundled 'WebKit' components. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3105, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-2818, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3598, CVE-2012-3599, CVE-2012-3600, CVE-2012-3601, CVE-2012-3602, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3615, CVE-2012-3617, CVE-2012-3618, CVE-2012-3620, CVE-2012-3624, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3647, CVE-2012-3648, CVE-2012-3650, CVE-2012-3651, CVE-2012-3652, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3674, CVE-2012-3676, CVE-2012-3677, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3684, CVE-2012-3686, CVE-2012-3691, CVE-2012-3693, CVE-2012-3695, CVE-2012-3696, CVE-2012-3703, CVE-2012-3704, CVE-2012-3706, CVE-2012-3708, CVE-2012-3710, CVE-2012-3747)

The remote host is running a version of Mac OS X 10.7 that is older than version 10.7.5.  The newer version contains numerous security-related fixes for the following components :

  - Apache

  - BIND

  - CoreText

  - Data Security

  - ImageIO

  - Installer

  - International Components for Unicode

  - Kernel

  - Mail

  - PHP

  - Profile Manager

  - QuickLook

  - QuickTime

  - Ruby

  - USB

Versions of Thunderbird 10.x earlier than 10.0.2 are potentially affected by an integer overflow error in 'libpng', a library used by this application.  When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

Versions of Firefox 10.x earlier than 10.0.2 are potentially affected by an integer overflow vulnerability.  An integer overflow error exists in 'libpng', a library used by this application.  When decompressing certain PNG image files, this error can allow a heap-based buffer overflow which can crash the application or potentially allow code execution.

Versions of Google Chrome earlier than 17.0.963.56 are potentially affected by the following vulnerabilities :

  - Integer overflow errors exist related to PDF codecs and libpng. (CVE-2011-3015, CVE-2011-3026)

  - A read-after-free error exists related to 'counter nodes'. (CVE-2011-3016)

  - Use-after-free errors exist related to database handling, subframe loading, and ddrag-and-drop functionality. (CVE-2011-3017, CVE-2011-3021, CVE-2011-3023)

  - Heap-overflow errors exist related to path rendering and 'MKV' handling. (CVE-2011-3018, CVE-2011-3019)

  - Unspecified errors exist related to the native client validator and HTTP use with translation scripts. (CVE-2011-3020, CVE-2011-3022)

  - Empty x509 certificates can cause browser crashes. (CVE-2011-3024)

  - An out-of-bounds read error exists related to h.264 parsing. (CVE-2011-3025)

  - A bad variable cast exists related to column handling. (CVE-2011-3027)

ID	Name	Product	Family	Published	Updated	Severity
75962	openSUSE 安全更新：mozilla-js192 (mozilla-js192-5832)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	high
6327	Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow	Nessus Network Monitor	SMTP Clients	2/20/2012	3/6/2019	high
6325	Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow	Nessus Network Monitor	Web Clients	2/20/2012	3/6/2019	high
6329	SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow	Nessus Network Monitor	Web Clients	2/20/2012	3/6/2019	high
6589	Apple iOS < 6.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	9/24/2012	3/6/2019	high
6583	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	9/21/2012	3/6/2019	critical
801381	Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow	Log Correlation Engine	Web Clients	2/20/2012		high
801380	Mozilla SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow	Log Correlation Engine	Web Clients	2/20/2012		high
801253	Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow	Log Correlation Engine	Web Clients	2/20/2012		high
800966	Google Chrome < 17.0.963.56 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	2/17/2012		high

Detections

Analytics

Plugins Search

high

high

high

high

high

critical

high

high

high

high