Search for packages
Package details: pkg:deb/debian/iceweasel@24.8.1esr-1~deb7u1
purl pkg:deb/debian/iceweasel@24.8.1esr-1~deb7u1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (131)
Vulnerability Summary Fixed by
VCID-11n2-z2te-8uhz
Aliases:
CVE-2015-0807
Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-1atw-2txv-jydj
Aliases:
CVE-2014-1576
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-1msn-8tvt-ekhd
Aliases:
CVE-2015-7182
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-1stj-xuxd-ykbt
Aliases:
CVE-2016-2802
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-21wp-eycu-kbfu
Aliases:
CVE-2016-1977
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-24dk-u885-wuc4
Aliases:
CVE-2015-4520
Mozilla developer Ehsan Akhgari reported two issues with Cross-origin resource sharing (CORS) "preflight" requests.The first issue is that in some circumstances the same cache key can be generated for two preflight requests on a site. As a result, if a second request is made that will match the cached key generated by an earlier request, CORS checks will be bypassed because the system will see the previously cached request as applicable.In the second issue, when some Access-Control- headers are missing from CORS responses, the values from different Access-Control- headers can be used that present in the same response. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-27bs-ub3m-7fcx
Aliases:
CVE-2014-1590
Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-29cd-ee2e-eudd
Aliases:
CVE-2016-2800
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-2bx8-2dn3-zyhv
Aliases:
CVE-2015-7213
Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an a erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash. This issue only affects 64-bit versions with 32-bit versions being unaffected.In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-2nux-rchb-k3fq
Aliases:
CVE-2015-2737
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-3725-z3mj-jubv
Aliases:
CVE-2015-4506
Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-3mbe-grmk-nybd
Aliases:
CVE-2015-4500
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-3nmw-zq4v-ebgc
Aliases:
CVE-2016-1974
Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-3zm4-kw65-5khp
Aliases:
CVE-2016-2791
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-43hc-6n9u-7yer
Aliases:
CVE-2014-1578
Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-4ar5-4gpb-2qba
Aliases:
CVE-2015-7174
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-4thd-5556-b3gc
Aliases:
CVE-2015-7175
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-4ymv-58y7-kybh
Aliases:
CVE-2014-1592
Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-5arh-jpfa-aya9
Aliases:
CVE-2015-0815
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-5hjp-yuf4-dqd6
Aliases:
CVE-2016-2808
The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-6929-dm6j-ufgv
Aliases:
CVE-2015-0813
Security researcher Aki Helin reported a use-after-free when playing certain MP3 format audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. This can lead to a potentially exploitable crash. This flaw only affects Linux installations. Windows and OS X users are unaffected by it.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-6nes-q68w-ebgt
Aliases:
CVE-2015-7189
Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-7mjw-rf57-rugg
Aliases:
CVE-2016-2805
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-7svy-v5cp-u3fd
Aliases:
CVE-2015-7575
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-7xvr-jqtj-a3c7
Aliases:
CVE-2016-2799
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-8n69-wvzb-4kf9
Aliases:
CVE-2015-4522
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-8pk6-9wzx-47da
Aliases:
CVE-2016-1964
Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-96kj-we17-vkd2
Aliases:
CVE-2015-7180
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-9dhq-vhpf-eqg3
Aliases:
CVE-2015-0836
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-9dq3-sh61-s3h9
Aliases:
CVE-2015-2734
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-9g92-xeur-sue1
Aliases:
CVE-2014-1574
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-9kxm-srck-suga
Aliases:
CVE-2015-7222
Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-9pm7-9tph-f3fz
Aliases:
CVE-2015-2724
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-9ufv-gdzx-m7gt
Aliases:
CVE-2015-7210
Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe is has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel, leading to a potentially exploitable crash.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ab54-wdtp-33ea
Aliases:
CVE-2016-2792
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-abc6-u8w3-mfdw
Aliases:
CVE-2015-4509
An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free vulnerability with HTML media elements on a page during script manipulation of the URI table of these elements. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-adqx-5gbp-pkbg
Aliases:
CVE-2015-2738
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-age6-jr9v-2qcq
Aliases:
CVE-2015-7197
Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-arv7-nfbr-dfc1
Aliases:
CVE-2015-2721
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where the client allows for a ECDHE_ECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDSA certificate. This violates the TLS protocol and also has some security implications for forward secrecy. In this situation, the browser thinks it is engaged in an ECDHE exchange, but has been silently downgraded to a non-forward secret mixed-ECDH exchange instead. As a result, if False Start is enabled, the browser will start sending data encrypted under these non-forward-secret connection keys. This issue was fixed in NSS version 3.19.1.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-asfc-cmcs-b7hm
Aliases:
CVE-2016-1954
Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-awjf-692c-dubk
Aliases:
CVE-2015-7200
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-b6p1-6aza-due3
Aliases:
CVE-2014-8634
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-bexe-a2pb-8ubp
Aliases:
CVE-2016-1966
The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-bez4-avz6-ske4
Aliases:
CVE-2016-1969
Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-bwg8-x5ue-a3dc
Aliases:
CVE-2016-1952
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-czgu-dxgs-dyg8
Aliases:
CVE-2015-4521
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ddum-taaj-2kdx
Aliases:
CVE-2015-2710
Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-dwe4-y9ka-6qby
Aliases:
CVE-2015-2716
Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content. This was due to an error in how buffer space is created and modified when handling large amounts of XML data. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-e3u7-eyhx-nqf3
Aliases:
CVE-2015-0801
Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass same-origin policy protections to run scripts in a privileged context. This newer variant found that the same flaw could be used during anchor navigation of a page, allowing bypassing of same-origin policy protections. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-e9km-d4gr-9yds
Aliases:
CVE-2014-8638
Security researcher Muneaki Nishimura reported that navigator.sendBeacon() does not follow the cross-origin resource sharing (CORS) specification. This results in the request from sendBeacon() lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request. This allows for a potential Cross-site request forgery (XSRF) attack from malicious websites. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-e9nx-vbp7-mbbh
Aliases:
CVE-2015-7201
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-esvq-px6q-uubw
Aliases:
CVE-2015-7181
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-fbup-v86f-97ex
Aliases:
CVE-2016-2801
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ffdk-g5vp-fya8
Aliases:
CVE-2015-4511
Using the Address Sanitizer tool, security researcher Atte Kettunen discovered a buffer overflow in the nestegg library when decoding a WebM format video with maliciously formatted headers. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-fgfx-47ad-6fda
Aliases:
CVE-2014-1594
Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-fms6-tbu7-ybg5
Aliases:
CVE-2015-0822
Security researcher Armin Ebert reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly uploaded through the form, its contents are made available through the Document Object Model (DOM) to script content on the attacking page, leading to information disclosure. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-fydh-5vcp-tfd6
Aliases:
CVE-2016-1935
Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-fysn-7wu8-t3df
Aliases:
CVE-2015-0817
Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-gbxv-bdeg-77d2
Aliases:
CVE-2015-4513
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-gsx6-4dvx-4ya7
Aliases:
CVE-2014-1583
Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy. Users are only at risk for this issue if a web app has been installed.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-h5yu-dhjs-jfhh
Aliases:
CVE-2015-4489
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-he65-1wc6-hkf2
Aliases:
CVE-2015-7176
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-hggy-wmkk-3udj
Aliases:
CVE-2015-2735
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-hhuc-sqft-byfe
Aliases:
CVE-2015-2740
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-hpa9-njdx-5bch
Aliases:
CVE-2015-2736
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-hrwg-335p-kqbs
Aliases:
CVE-2015-7198
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-j7dr-d5kk-4kdt
Aliases:
CVE-2016-2798
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-jjf8-bfjp-d7fk
Aliases:
CVE-2014-8639
Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-jxju-q8ue-r7g7
Aliases:
CVE-2016-2793
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-kbfp-dnry-duez
Aliases:
CVE-2015-2731
Security researcher Herre reported a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-kq9k-xvkp-cyg8
Aliases:
CVE-2015-4492
Security researcher Looben Yang discovered a use-after-free vulnerability when recursively calling .open() on an XMLHttpRequest in a SharedWorker.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-kxsu-7d8e-akcy
Aliases:
CVE-2015-0827
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to report an out-of-bounds read and an out-of-bounds write when rendering an improperly formatted SVG graphic. This could potentially allow the attacker to read uninitialized memory. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-m93g-8dbv-dueb
Aliases:
CVE-2011-3079
Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process. This issue only affects systems running Windows, leaving Linux and OS X unaffected.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-mx87-qd7k-y7aw
Aliases:
CVE-2014-1586
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an <iframe>, video will continue to be shared even if the user selects the &quote;Stop Sharing" button in the controls. The camera will also remain on even if the user navigates to another site and will begin streaming again if the user returns to the original site. This is a privacy problem and can lead to inadvertent video streaming. This does not affect implementations that are not within an <iframe>. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-n28y-9aw4-z3dq
Aliases:
CVE-2016-1962
Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-n7zq-kjfr-kfd3
Aliases:
CVE-2016-1950
Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products:
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ndf2-cp9s-c3cz
Aliases:
CVE-2016-1960
Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-nsws-w4pf-ruah
Aliases:
CVE-2015-4493
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-nwk4-r82n-mufd
Aliases:
CVE-2015-4487
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-p7ny-wkrx-17e5
Aliases:
CVE-2015-0831
Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-pcf5-552p-27gd
Aliases:
CVE-2015-4498
Security researcher Bas Venis reported a mechanism where add-ons could be installed from a different source than user expectations. Normally, when a user enters the URL to an add-on directly in the addressbar, warning prompts are bypassed because it is the result of direct user action. He discovered that a data: URL could be manipulated on a loaded page to simulate this direct user input of the add-on's URL, which would result in a bypassing of the install permission prompt. He also reported that in the absence of the permission prompt, it is possible to cause the actual installation prompt to appear above another site's location by causing a page navigation immediately after triggering add-on installation. This could manipulate a user into falsely believing a trusted site (such as addons.mozilla.org) has initiated the installation. This could lead to users installing an add-on from a malicious source.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-pgzb-622e-cyfw
Aliases:
CVE-2015-4519
Security researcher Mario Gomes reported that when a previously loaded image on a page is drag and dropped into content after a redirect, the redirected URL is available to scripts. This is a violation of the Fetch specification's defined behavior for "Atomic HTTP redirect handling" which states that redirected URLs are not exposed to any APIs. This can allow for information leakage. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-pnzg-ep3p-pbbn
Aliases:
CVE-2014-1585
Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an <iframe>, video will continue to be shared even if the user selects the &quote;Stop Sharing" button in the controls. The camera will also remain on even if the user navigates to another site and will begin streaming again if the user returns to the original site. This is a privacy problem and can lead to inadvertent video streaming. This does not affect implementations that are not within an <iframe>. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-pr7m-6n68-5yb6
Aliases:
CVE-2015-4484
Security researcher Jukka Jylänki reported a crash that occurs because JavaScript, when using shared memory, does not properly gate access to Atomics or SharedArrayBuffer views in some contexts. This leads to a non-exploitable crash.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-pujn-ybay-m7gw
Aliases:
CVE-2015-0818
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. An incomplete version of this fix was shipped in Firefox 36.0.3 and Firefox ESR 31.5.2.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-q635-eehf-bkdg
Aliases:
CVE-2015-2743
Mozilla community member Jonas Jenwald reported broken behavior in Mozilla's PDF.js PDF file viewer which led to the discovery that internal Workers were incorrectly executed with high privilege. If this flaw were combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-qq41-ja86-2ya2
Aliases:
CVE-2015-7212
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when when allocating textures of extremely larges sizes during graphics operations. This results in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-qw8k-uaj6-pqgk
Aliases:
CVE-2015-4473
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ravu-wrs4-pfb5
Aliases:
CVE-2015-2728
Security researcher Paul Bandha reported a type confusion error where part of IDBDatabase is read by the Indexed Database Manager and incorrectly used as a pointer when it shouldn't be used as such. This leads to memory corruption and the possibility of an exploitable crash.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-rnq7-9xzc-zfcv
Aliases:
CVE-2015-0797
Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. This was due to a problem in older versions of the Gstreamer plugin during the parsing of H.264 formatted video. This issue could be used to induce a possibly exploitable crash. This issue does not affect the current 1.0 version of Gstreamer and does not affect Windows or OS X systems.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-rzxy-2ndy-wbes
Aliases:
CVE-2016-1958
Security researcher Abdulrahman Alqabandi reported an issue where an attacker can load an arbitrary web page but the addressbar's displayed URL will be blank or filled with page defined content. This can be used to obfuscate which page is currently loaded and allows for an attacker to spoof an existing page without the malicious page's address being displayed correctly.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-sgjb-7vua-xyhk
Aliases:
CVE-2014-8641
Security researcher Mitchell Harper discovered a read-after-free in WebRTC due to the way tracks are handled. This results in a either a potentially exploitable crash or incorrect WebRTC behavior.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-sq4k-ravc-27fr
Aliases:
CVE-2015-4480
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-sv59-6e26-bbgc
Aliases:
CVE-2015-2713
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free error during the processing of text when vertical text is enabled. This leads to a potentially exploitable crash.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-t4qy-pne2-tfg8
Aliases:
CVE-2016-2807
Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-tekz-b2u3-8fcs
Aliases:
CVE-2016-1523
Security researcher Holger Fuhrmannek reported that a malicious Graphite "smart font" could circumvent the validation of internal instruction parameters in the Graphite 2 library using special CNTXT_ITEM instructions. This could result in arbitrary code execution. This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-tpju-q2sh-rbck
Aliases:
CVE-2015-4000
Security researcher Matthew Green reported a Diffie–Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the "Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of supported DHE keys to use 1023 bit primes.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-tsaz-z2hg-9bcw
Aliases:
CVE-2016-1965
Security researcher Tsubasa Iinuma reported a mechanism where the displayed addressbar can be spoofed to users. This issue involves using history navigation in concert with the Location protocol property. After navigating from a malicious page to another, if the user navigates back to the initial page, the displayed URL will not reflect the reloaded page. This could be used to trick users into potentially treating the page as a different and trusted site.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-tyk6-m1s7-7fcu
Aliases:
CVE-2015-7199
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included a buffer overflow in the ANGLE graphics library and two issues of missing status checks in SVG rendering and during cryptographic key manipulation. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-u62c-xz51-fbd4
Aliases:
CVE-2016-2790
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-u7ae-pca4-j7fp
Aliases:
CVE-2016-2795
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-uqhq-r8p1-k7fn
Aliases:
CVE-2016-2797
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-uu1s-gq4b-9fg2
Aliases:
CVE-2015-7194
Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-uwy4-4nv5-q3ap
Aliases:
CVE-2015-4497
Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a <canvas> element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this same issue.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-uz8d-y5tg-mkbj
Aliases:
CVE-2015-4488
Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-v3y1-1jnd-qkb7
Aliases:
CVE-2015-2739
Security researcher Ronald Crane reported seven vulnerabilities affecting released code that he found through code inspection. These included three uses of uninitialized memory, one poor validation leading to an exploitable crash, one read of unowned memory in zip files, and two buffer overflows. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-vf4x-44t6-13dz
Aliases:
CVE-2016-1961
Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-vg39-zu3z-8yge
Aliases:
CVE-2016-1957
Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-vqr6-2f9b-p3gs
Aliases:
CVE-2015-4517
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-vwf9-pj2p-hqat
Aliases:
CVE-2015-4478
Security researcher André Bargull reported non-configurable properties on JavaScript objects can be redefined while parsing JSON in violation of the ECMAScript 6 standard. This allows malicious web content to bypass same-origin policy by editing these properties to arbitrary values.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-w2n7-49dv-6ba3
Aliases:
CVE-2015-7188
Security researcher Michał Bentkowski reported that adding white-space characters to hostnames that are IP addresses can bypass same-origin policy. This flaw was caused by trailing whitespaces being evaluated differently when parsing IP addresses instead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-w7aj-jn2q-juf3
Aliases:
CVE-2016-2814
Using Address Sanitizer, security researcher Sascha Just reported a buffer overflow in the libstagefright library due to issues with the handling of CENC offsets and the sizes table. This results in a potentially exploitable crash triggerable through web content.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-wh2u-5ttv-tbez
Aliases:
CVE-2015-7183
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation. This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-wmdm-wzx4-nkhr
Aliases:
CVE-2016-2794
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-wnpc-64sr-e7fq
Aliases:
CVE-2015-7193
Security researcher Shinto K Anto reported an issue with cross-origin resource sharing (CORS) "preflight" requests when receiving certain Content-Type headers. This is due to an error in implementation resulting in trying to process multiple media types when they are returned in the Content-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a "preflight" request, leading to potential same-origin policy violation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-wsup-bb2y-k3cs
Aliases:
CVE-2014-1581
Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-wywz-9zta-efdm
Aliases:
CVE-2015-0816
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled incorrectly and these restrictions could be bypassed if this flaw was combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-wzy1-nhp7-kfgk
Aliases:
CVE-2015-4479
An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer overflows in the libstagefright library that could be triggered by a malicious 'saio' chunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution. This issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an integer overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph Diehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4 video with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that could allow for remote code execution.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-x6eg-dt6c-cucv
Aliases:
CVE-2014-1593
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-xm29-gc3a-23cg
Aliases:
CVE-2015-7196
Mozilla community member Vytautas Staraitis reported an issue with the interaction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript wrapper when it is still in use, which leads to a JavaScript garbage collection crash. This crash is potentially exploitable. This issue only affects systems where Java is installed and enabled as a browser plugin. Other systems are unaffected.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-xmuc-c5b6-a3ab
Aliases:
CVE-2015-7214
Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ybsg-p8wx-sqam
Aliases:
CVE-2016-1930
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-yqd8-64h2-ekcc
Aliases:
CVE-2015-7205
Security researcher Ronald Crane reported an underflow found through code inspection. This does not all have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-yrhc-hchg-7kf3
Aliases:
CVE-2016-2796
Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-ys4v-5s62-1yfq
Aliases:
DSA-3523-1 iceweasel
security update
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-yt4r-4gez-gfgc
Aliases:
CVE-2016-1526
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-yvmp-jgtb-bfcy
Aliases:
CVE-2015-2708
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.8.0esr-1~deb7u1
Affected by 97 other vulnerabilities.
VCID-z31y-mcqb-6kfn
Aliases:
CVE-2015-7177
Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and five memory safety bugs. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-zcny-hn57-tqhu
Aliases:
CVE-2014-1577
Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data, or of memory addresses that could be used in combination with another bug. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
VCID-zcv1-v457-37g8
Aliases:
CVE-2015-4475
Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstances.
38.8.0esr-1~deb7u1
Affected by 4 other vulnerabilities.
VCID-zd36-7c8s-tych
Aliases:
CVE-2014-1587
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
31.6.0esr-1
Affected by 103 other vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-8k4x-p39x-p3hm Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1556
VCID-98gx-zzje-cfhx Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1555
VCID-aacf-9zz5-bfag Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. CVE-2014-1533
VCID-cua7-h6xk-b7e6 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported an out of bounds write in the Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code execution. This issue is fixed in NSPR version 4.10.6. This NSPR flaw was not exposed to web content in any shipped version of Firefox. CVE-2014-1545
VCID-cwa3-wrxa-8ff7 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. CVE-2014-1547
VCID-f1t3-3c36-bbh2 Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1567
VCID-grsd-14b8-5ydq Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts. CVE-2014-1562
VCID-kae4-f2ku-4fa4 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1541
VCID-mpbx-48aw-rbh2 Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable. This issue was addressed in the Network Security Services (NSS) library in version 3.16.2, shipping on affected platforms.In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1544
VCID-s8v6-d8yn-u7bj Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1538
VCID-u6nu-186u-auh1 Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla products: CVE-2014-1568
VCID-xepx-ajgs-43bz Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. CVE-2014-1557

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T10:34:54.212755+00:00 Debian Oval Importer Affected by VCID-xmuc-c5b6-a3ab https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:34:08.755878+00:00 Debian Oval Importer Affected by VCID-7xvr-jqtj-a3c7 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:33:22.750989+00:00 Debian Oval Importer Affected by VCID-w2n7-49dv-6ba3 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:33:13.434137+00:00 Debian Oval Importer Affected by VCID-9ufv-gdzx-m7gt https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:33:08.893892+00:00 Debian Oval Importer Affected by VCID-vqr6-2f9b-p3gs https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:32:58.854495+00:00 Debian Oval Importer Affected by VCID-tekz-b2u3-8fcs https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:31:54.535793+00:00 Debian Oval Importer Affected by VCID-asfc-cmcs-b7hm https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:31:43.828837+00:00 Debian Oval Importer Affected by VCID-wh2u-5ttv-tbez https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:31:04.525745+00:00 Debian Oval Importer Affected by VCID-29cd-ee2e-eudd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:30:38.523220+00:00 Debian Oval Importer Affected by VCID-awjf-692c-dubk https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:30:27.123606+00:00 Debian Oval Importer Affected by VCID-pcf5-552p-27gd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:29:26.389115+00:00 Debian Oval Importer Affected by VCID-kbfp-dnry-duez https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:26:27.701509+00:00 Debian Oval Importer Affected by VCID-7mjw-rf57-rugg https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:24:42.590667+00:00 Debian Oval Importer Affected by VCID-vf4x-44t6-13dz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:24:20.503512+00:00 Debian Oval Importer Affected by VCID-uu1s-gq4b-9fg2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:23:38.661287+00:00 Debian Oval Importer Affected by VCID-wnpc-64sr-e7fq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:22:25.833195+00:00 Debian Oval Importer Affected by VCID-xm29-gc3a-23cg https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:22:04.608911+00:00 Debian Oval Importer Affected by VCID-wmdm-wzx4-nkhr https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:22:01.612645+00:00 Debian Oval Importer Affected by VCID-3725-z3mj-jubv https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:21:42.680439+00:00 Debian Oval Importer Affected by VCID-gbxv-bdeg-77d2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:20:21.721307+00:00 Debian Oval Importer Affected by VCID-pgzb-622e-cyfw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:20:14.951320+00:00 Debian Oval Importer Affected by VCID-hggy-wmkk-3udj https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:19:57.168899+00:00 Debian Oval Importer Affected by VCID-m93g-8dbv-dueb https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:19:30.837563+00:00 Debian Oval Importer Affected by VCID-ndf2-cp9s-c3cz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:19:09.779957+00:00 Debian Oval Importer Affected by VCID-yt4r-4gez-gfgc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:18:45.368703+00:00 Debian Oval Importer Affected by VCID-2nux-rchb-k3fq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:18:36.017211+00:00 Debian Oval Importer Affected by VCID-sv59-6e26-bbgc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:17:40.659544+00:00 Debian Oval Importer Affected by VCID-tyk6-m1s7-7fcu https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:17:01.898121+00:00 Debian Oval Importer Affected by VCID-q635-eehf-bkdg https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:16:50.522455+00:00 Debian Oval Importer Affected by VCID-1stj-xuxd-ykbt https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:16:38.216022+00:00 Debian Oval Importer Affected by VCID-czgu-dxgs-dyg8 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:16:33.712780+00:00 Debian Oval Importer Affected by VCID-h5yu-dhjs-jfhh https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:15:50.180848+00:00 Debian Oval Importer Affected by VCID-yqd8-64h2-ekcc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:15:03.741264+00:00 Debian Oval Importer Affected by VCID-ddum-taaj-2kdx https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:14:52.138538+00:00 Debian Oval Importer Affected by VCID-7svy-v5cp-u3fd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:14:25.088852+00:00 Debian Oval Importer Affected by VCID-j7dr-d5kk-4kdt https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:13:53.269327+00:00 Debian Oval Importer Affected by VCID-uqhq-r8p1-k7fn https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:13:52.531534+00:00 Debian Oval Importer Affected by VCID-he65-1wc6-hkf2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:12:56.481457+00:00 Debian Oval Importer Affected by VCID-ab54-wdtp-33ea https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:11:52.922158+00:00 Debian Oval Importer Affected by VCID-fbup-v86f-97ex https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:11:38.146650+00:00 Debian Oval Importer Affected by VCID-t4qy-pne2-tfg8 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:11:29.957867+00:00 Debian Oval Importer Affected by VCID-bez4-avz6-ske4 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:10:34.132171+00:00 Debian Oval Importer Affected by VCID-z31y-mcqb-6kfn https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:10:01.662798+00:00 Debian Oval Importer Affected by VCID-bwg8-x5ue-a3dc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:09:27.994336+00:00 Debian Oval Importer Affected by VCID-uz8d-y5tg-mkbj https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:09:10.355868+00:00 Debian Oval Importer Affected by VCID-rzxy-2ndy-wbes https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:07:55.335448+00:00 Debian Oval Importer Affected by VCID-n7zq-kjfr-kfd3 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:07:23.842364+00:00 Debian Oval Importer Affected by VCID-hhuc-sqft-byfe https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:06:40.835335+00:00 Debian Oval Importer Affected by VCID-ravu-wrs4-pfb5 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:06:36.477947+00:00 Debian Oval Importer Affected by VCID-9dq3-sh61-s3h9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:06:24.418391+00:00 Debian Oval Importer Affected by VCID-dwe4-y9ka-6qby https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:06:23.018197+00:00 Debian Oval Importer Affected by VCID-arv7-nfbr-dfc1 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:06:21.595216+00:00 Debian Oval Importer Affected by VCID-fydh-5vcp-tfd6 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:05:29.907531+00:00 Debian Oval Importer Affected by VCID-w7aj-jn2q-juf3 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:05:22.319541+00:00 Debian Oval Importer Affected by VCID-tpju-q2sh-rbck https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:05:16.084692+00:00 Debian Oval Importer Affected by VCID-adqx-5gbp-pkbg https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:05:04.010660+00:00 Debian Oval Importer Affected by VCID-4ar5-4gpb-2qba https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:04:37.489312+00:00 Debian Oval Importer Affected by VCID-96kj-we17-vkd2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:03:46.808103+00:00 Debian Oval Importer Affected by VCID-e9nx-vbp7-mbbh https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:03:40.542526+00:00 Debian Oval Importer Affected by VCID-hpa9-njdx-5bch https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:03:29.730543+00:00 Debian Oval Importer Affected by VCID-2bx8-2dn3-zyhv https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:03:20.860503+00:00 Debian Oval Importer Affected by VCID-sq4k-ravc-27fr https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:39.810282+00:00 Debian Oval Importer Affected by VCID-4thd-5556-b3gc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:22.701807+00:00 Debian Oval Importer Affected by VCID-u62c-xz51-fbd4 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:21.256881+00:00 Debian Oval Importer Affected by VCID-kq9k-xvkp-cyg8 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:16.292638+00:00 Debian Oval Importer Affected by VCID-jxju-q8ue-r7g7 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:15.543718+00:00 Debian Oval Importer Affected by VCID-21wp-eycu-kbfu https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:02:02.487388+00:00 Debian Oval Importer Affected by VCID-zcv1-v457-37g8 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:01:32.533371+00:00 Debian Oval Importer Affected by VCID-3nmw-zq4v-ebgc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:01:30.232628+00:00 Debian Oval Importer Affected by VCID-nwk4-r82n-mufd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:01:24.361238+00:00 Debian Oval Importer Affected by VCID-uwy4-4nv5-q3ap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:00:30.463129+00:00 Debian Oval Importer Affected by VCID-tsaz-z2hg-9bcw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:00:17.193434+00:00 Debian Oval Importer Affected by VCID-vg39-zu3z-8yge https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:00:10.040708+00:00 Debian Oval Importer Affected by VCID-1msn-8tvt-ekhd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:00:08.581153+00:00 Debian Oval Importer Affected by VCID-yvmp-jgtb-bfcy https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T10:00:05.533836+00:00 Debian Oval Importer Affected by VCID-24dk-u885-wuc4 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:59:53.007647+00:00 Debian Oval Importer Affected by VCID-9pm7-9tph-f3fz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:59:22.232723+00:00 Debian Oval Importer Affected by VCID-6nes-q68w-ebgt https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:59:04.501774+00:00 Debian Oval Importer Affected by VCID-5hjp-yuf4-dqd6 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:59:00.144017+00:00 Debian Oval Importer Affected by VCID-3zm4-kw65-5khp https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:58:48.409398+00:00 Debian Oval Importer Affected by VCID-9kxm-srck-suga https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:58:43.226343+00:00 Debian Oval Importer Affected by VCID-esvq-px6q-uubw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:58:20.961992+00:00 Debian Oval Importer Affected by VCID-rnq7-9xzc-zfcv https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:58:03.470736+00:00 Debian Oval Importer Affected by VCID-pr7m-6n68-5yb6 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:57:39.459921+00:00 Debian Oval Importer Affected by VCID-age6-jr9v-2qcq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:57:15.170175+00:00 Debian Oval Importer Affected by VCID-8pk6-9wzx-47da https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:56:34.957603+00:00 Debian Oval Importer Affected by VCID-8n69-wvzb-4kf9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:55:33.352268+00:00 Debian Oval Importer Affected by VCID-abc6-u8w3-mfdw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:55:28.730038+00:00 Debian Oval Importer Affected by VCID-n28y-9aw4-z3dq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:55:23.597131+00:00 Debian Oval Importer Affected by VCID-u7ae-pca4-j7fp https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:55:17.569799+00:00 Debian Oval Importer Affected by VCID-qw8k-uaj6-pqgk https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:54:53.986019+00:00 Debian Oval Importer Affected by VCID-3mbe-grmk-nybd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:54:06.276079+00:00 Debian Oval Importer Affected by VCID-ffdk-g5vp-fya8 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:53:10.099862+00:00 Debian Oval Importer Affected by VCID-vwf9-pj2p-hqat https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:53:02.792644+00:00 Debian Oval Importer Affected by VCID-wzy1-nhp7-kfgk https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:52:30.762372+00:00 Debian Oval Importer Affected by VCID-nsws-w4pf-ruah https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:51:47.477819+00:00 Debian Oval Importer Affected by VCID-yrhc-hchg-7kf3 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:51:25.628702+00:00 Debian Oval Importer Affected by VCID-qq41-ja86-2ya2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:51:20.589459+00:00 Debian Oval Importer Affected by VCID-ys4v-5s62-1yfq https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:51:07.875910+00:00 Debian Oval Importer Affected by VCID-v3y1-1jnd-qkb7 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:51:01.362814+00:00 Debian Oval Importer Affected by VCID-hrwg-335p-kqbs https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:50:34.013252+00:00 Debian Oval Importer Affected by VCID-ybsg-p8wx-sqam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:50:32.611619+00:00 Debian Oval Importer Affected by VCID-bexe-a2pb-8ubp https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0
2025-08-01T09:50:18.533483+00:00 Debian Oval Importer Affected by VCID-sq4k-ravc-27fr https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:50:08.755896+00:00 Debian Oval Importer Affected by VCID-qq41-ja86-2ya2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:49:55.210419+00:00 Debian Oval Importer Affected by VCID-he65-1wc6-hkf2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:49:26.649569+00:00 Debian Oval Importer Affected by VCID-9pm7-9tph-f3fz https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:49:16.814389+00:00 Debian Oval Importer Affected by VCID-rzxy-2ndy-wbes https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:49:11.088744+00:00 Debian Oval Importer Fixing VCID-s8v6-d8yn-u7bj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:48:51.822190+00:00 Debian Oval Importer Affected by VCID-x6eg-dt6c-cucv https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:48:25.789025+00:00 Debian Oval Importer Affected by VCID-mx87-qd7k-y7aw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:48:13.795842+00:00 Debian Oval Importer Affected by VCID-3mbe-grmk-nybd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:48:06.585684+00:00 Debian Oval Importer Affected by VCID-czgu-dxgs-dyg8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:47:54.716195+00:00 Debian Oval Importer Affected by VCID-tsaz-z2hg-9bcw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:47:20.861211+00:00 Debian Oval Importer Affected by VCID-9kxm-srck-suga https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:47:10.295678+00:00 Debian Oval Importer Affected by VCID-8pk6-9wzx-47da https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:58.240274+00:00 Debian Oval Importer Affected by VCID-7xvr-jqtj-a3c7 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:32.452224+00:00 Debian Oval Importer Affected by VCID-fysn-7wu8-t3df https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:31.737960+00:00 Debian Oval Importer Affected by VCID-uu1s-gq4b-9fg2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:31.017018+00:00 Debian Oval Importer Affected by VCID-hggy-wmkk-3udj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:21.244617+00:00 Debian Oval Importer Affected by VCID-z31y-mcqb-6kfn https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:46:04.396784+00:00 Debian Oval Importer Affected by VCID-pcf5-552p-27gd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:45:27.472442+00:00 Debian Oval Importer Affected by VCID-5arh-jpfa-aya9 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:45:21.044227+00:00 Debian Oval Importer Affected by VCID-8n69-wvzb-4kf9 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:45:17.495850+00:00 Debian Oval Importer Affected by VCID-4ymv-58y7-kybh https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:45:06.204961+00:00 Debian Oval Importer Affected by VCID-hhuc-sqft-byfe https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:45:04.085167+00:00 Debian Oval Importer Affected by VCID-nsws-w4pf-ruah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:37.781410+00:00 Debian Oval Importer Affected by VCID-awjf-692c-dubk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:31.267619+00:00 Debian Oval Importer Affected by VCID-u62c-xz51-fbd4 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:22.657272+00:00 Debian Oval Importer Fixing VCID-f1t3-3c36-bbh2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:10.427662+00:00 Debian Oval Importer Affected by VCID-adqx-5gbp-pkbg https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:02.137776+00:00 Debian Oval Importer Affected by VCID-4ar5-4gpb-2qba https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:44:00.660595+00:00 Debian Oval Importer Affected by VCID-5hjp-yuf4-dqd6 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:43:44.703086+00:00 Debian Oval Importer Affected by VCID-rnq7-9xzc-zfcv https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:42:58.077650+00:00 Debian Oval Importer Affected by VCID-u7ae-pca4-j7fp https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:42:56.678317+00:00 Debian Oval Importer Affected by VCID-21wp-eycu-kbfu https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:42:33.157948+00:00 Debian Oval Importer Affected by VCID-vwf9-pj2p-hqat https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:41:57.197867+00:00 Debian Oval Importer Affected by VCID-vg39-zu3z-8yge https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:41:47.896235+00:00 Debian Oval Importer Affected by VCID-j7dr-d5kk-4kdt https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:41:10.783042+00:00 Debian Oval Importer Affected by VCID-7svy-v5cp-u3fd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:41:04.430247+00:00 Debian Oval Importer Affected by VCID-sv59-6e26-bbgc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:40:26.473493+00:00 Debian Oval Importer Affected by VCID-6nes-q68w-ebgt https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:40:23.601899+00:00 Debian Oval Importer Affected by VCID-w7aj-jn2q-juf3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:40:08.169339+00:00 Debian Oval Importer Affected by VCID-pujn-ybay-m7gw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:39:58.952984+00:00 Debian Oval Importer Affected by VCID-ddum-taaj-2kdx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:39:49.654944+00:00 Debian Oval Importer Affected by VCID-ab54-wdtp-33ea https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:39:41.197040+00:00 Debian Oval Importer Affected by VCID-tyk6-m1s7-7fcu https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:39:30.707959+00:00 Debian Oval Importer Affected by VCID-2nux-rchb-k3fq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:39:23.796653+00:00 Debian Oval Importer Affected by VCID-9g92-xeur-sue1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:51.077219+00:00 Debian Oval Importer Affected by VCID-jxju-q8ue-r7g7 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:48.238890+00:00 Debian Oval Importer Affected by VCID-bexe-a2pb-8ubp https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:44.578781+00:00 Debian Oval Importer Affected by VCID-pnzg-ep3p-pbbn https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:34.672327+00:00 Debian Oval Importer Affected by VCID-age6-jr9v-2qcq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:06.284816+00:00 Debian Oval Importer Affected by VCID-uqhq-r8p1-k7fn https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:38:04.804648+00:00 Debian Oval Importer Affected by VCID-24dk-u885-wuc4 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:37:48.381347+00:00 Debian Oval Importer Affected by VCID-w2n7-49dv-6ba3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:37:32.200477+00:00 Debian Oval Importer Affected by VCID-wywz-9zta-efdm https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:37:27.902088+00:00 Debian Oval Importer Affected by VCID-gbxv-bdeg-77d2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:37:19.390758+00:00 Debian Oval Importer Affected by VCID-vf4x-44t6-13dz https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:37:16.539404+00:00 Debian Oval Importer Affected by VCID-kq9k-xvkp-cyg8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:36:52.556372+00:00 Debian Oval Importer Fixing VCID-kae4-f2ku-4fa4 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:36:29.051652+00:00 Debian Oval Importer Affected by VCID-asfc-cmcs-b7hm https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:36:24.711196+00:00 Debian Oval Importer Affected by VCID-27bs-ub3m-7fcx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:36:16.255392+00:00 Debian Oval Importer Affected by VCID-yt4r-4gez-gfgc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:36:13.339297+00:00 Debian Oval Importer Affected by VCID-ndf2-cp9s-c3cz https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:35:50.882618+00:00 Debian Oval Importer Affected by VCID-kbfp-dnry-duez https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:35:35.451060+00:00 Debian Oval Importer Affected by VCID-1msn-8tvt-ekhd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:35:29.697749+00:00 Debian Oval Importer Affected by VCID-pr7m-6n68-5yb6 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:34:38.912746+00:00 Debian Oval Importer Fixing VCID-aacf-9zz5-bfag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:34:16.161440+00:00 Debian Oval Importer Affected by VCID-h5yu-dhjs-jfhh https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:34:07.063801+00:00 Debian Oval Importer Affected by VCID-jjf8-bfjp-d7fk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:46.453805+00:00 Debian Oval Importer Affected by VCID-vqr6-2f9b-p3gs https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:36.421015+00:00 Debian Oval Importer Affected by VCID-bez4-avz6-ske4 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:31.468602+00:00 Debian Oval Importer Fixing VCID-mpbx-48aw-rbh2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:27.252766+00:00 Debian Oval Importer Affected by VCID-uz8d-y5tg-mkbj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:23.699799+00:00 Debian Oval Importer Affected by VCID-zd36-7c8s-tych https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:16.600019+00:00 Debian Oval Importer Affected by VCID-ys4v-5s62-1yfq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:14.475136+00:00 Debian Oval Importer Fixing VCID-98gx-zzje-cfhx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:05.826204+00:00 Debian Oval Importer Affected by VCID-m93g-8dbv-dueb https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:33:03.671061+00:00 Debian Oval Importer Affected by VCID-n7zq-kjfr-kfd3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:57.971417+00:00 Debian Oval Importer Fixing VCID-xepx-ajgs-43bz https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:56.584578+00:00 Debian Oval Importer Affected by VCID-q635-eehf-bkdg https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:27.476065+00:00 Debian Oval Importer Affected by VCID-e3u7-eyhx-nqf3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:18.200993+00:00 Debian Oval Importer Affected by VCID-2bx8-2dn3-zyhv https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:13.193828+00:00 Debian Oval Importer Affected by VCID-wmdm-wzx4-nkhr https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:08.890807+00:00 Debian Oval Importer Fixing VCID-cwa3-wrxa-8ff7 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:32:06.043291+00:00 Debian Oval Importer Affected by VCID-xm29-gc3a-23cg https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:31:57.574537+00:00 Debian Oval Importer Affected by VCID-yvmp-jgtb-bfcy https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:31:54.066111+00:00 Debian Oval Importer Affected by VCID-pgzb-622e-cyfw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:31:34.290398+00:00 Debian Oval Importer Affected by VCID-wsup-bb2y-k3cs https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:31:18.666217+00:00 Debian Oval Importer Affected by VCID-3nmw-zq4v-ebgc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:31:05.842805+00:00 Debian Oval Importer Affected by VCID-tpju-q2sh-rbck https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:30:57.148223+00:00 Debian Oval Importer Affected by VCID-yrhc-hchg-7kf3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:30:54.253346+00:00 Debian Oval Importer Affected by VCID-7mjw-rf57-rugg https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:30:39.096701+00:00 Debian Oval Importer Affected by VCID-9ufv-gdzx-m7gt https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:30:29.015501+00:00 Debian Oval Importer Affected by VCID-1atw-2txv-jydj https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:30:02.662153+00:00 Debian Oval Importer Affected by VCID-96kj-we17-vkd2 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:29:55.460992+00:00 Debian Oval Importer Affected by VCID-fgfx-47ad-6fda https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:29:31.878088+00:00 Debian Oval Importer Affected by VCID-p7ny-wkrx-17e5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:29:24.804076+00:00 Debian Oval Importer Fixing VCID-grsd-14b8-5ydq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:29:00.035312+00:00 Debian Oval Importer Affected by VCID-hrwg-335p-kqbs https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:28:57.715653+00:00 Debian Oval Importer Affected by VCID-tekz-b2u3-8fcs https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:28:40.955150+00:00 Debian Oval Importer Affected by VCID-t4qy-pne2-tfg8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:28:22.177359+00:00 Debian Oval Importer Affected by VCID-6929-dm6j-ufgv https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:27:32.508253+00:00 Debian Oval Importer Affected by VCID-9dhq-vhpf-eqg3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:27:15.913754+00:00 Debian Oval Importer Affected by VCID-nwk4-r82n-mufd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:27:06.686734+00:00 Debian Oval Importer Affected by VCID-yqd8-64h2-ekcc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:26:58.167786+00:00 Debian Oval Importer Affected by VCID-hpa9-njdx-5bch https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:26:27.093104+00:00 Debian Oval Importer Affected by VCID-9dq3-sh61-s3h9 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:26:26.361981+00:00 Debian Oval Importer Affected by VCID-29cd-ee2e-eudd https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:26:06.205715+00:00 Debian Oval Importer Affected by VCID-v3y1-1jnd-qkb7 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:26:02.574280+00:00 Debian Oval Importer Fixing VCID-8k4x-p39x-p3hm https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:25:59.708602+00:00 Debian Oval Importer Affected by VCID-wh2u-5ttv-tbez https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:25:06.271102+00:00 Debian Oval Importer Affected by VCID-e9nx-vbp7-mbbh https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:24:41.854768+00:00 Debian Oval Importer Affected by VCID-arv7-nfbr-dfc1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:24:02.921779+00:00 Debian Oval Importer Affected by VCID-n28y-9aw4-z3dq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:59.309776+00:00 Debian Oval Importer Affected by VCID-fydh-5vcp-tfd6 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:57.880825+00:00 Debian Oval Importer Affected by VCID-uwy4-4nv5-q3ap https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:37.791079+00:00 Debian Oval Importer Affected by VCID-wzy1-nhp7-kfgk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:27.176739+00:00 Debian Oval Importer Affected by VCID-fms6-tbu7-ybg5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:24.415103+00:00 Debian Oval Importer Affected by VCID-zcv1-v457-37g8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:22.279774+00:00 Debian Oval Importer Affected by VCID-esvq-px6q-uubw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:21.542868+00:00 Debian Oval Importer Affected by VCID-abc6-u8w3-mfdw https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:23:04.774372+00:00 Debian Oval Importer Affected by VCID-bwg8-x5ue-a3dc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:22:32.805370+00:00 Debian Oval Importer Fixing VCID-u6nu-186u-auh1 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:22:22.116663+00:00 Debian Oval Importer Affected by VCID-4thd-5556-b3gc https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:22:12.691173+00:00 Debian Oval Importer Affected by VCID-43hc-6n9u-7yer https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:22:04.968970+00:00 Debian Oval Importer Affected by VCID-ravu-wrs4-pfb5 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:22:00.711451+00:00 Debian Oval Importer Affected by VCID-dwe4-y9ka-6qby https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:21:47.816145+00:00 Debian Oval Importer Affected by VCID-zcny-hn57-tqhu https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:21:38.366061+00:00 Debian Oval Importer Affected by VCID-fbup-v86f-97ex https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:21:23.457433+00:00 Debian Oval Importer Affected by VCID-e9km-d4gr-9yds https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:21:05.480573+00:00 Debian Oval Importer Affected by VCID-3725-z3mj-jubv https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:20:28.748023+00:00 Debian Oval Importer Affected by VCID-gsx6-4dvx-4ya7 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:20:23.733924+00:00 Debian Oval Importer Affected by VCID-1stj-xuxd-ykbt https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:20:07.219529+00:00 Debian Oval Importer Affected by VCID-ybsg-p8wx-sqam https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:51.709683+00:00 Debian Oval Importer Affected by VCID-11n2-z2te-8uhz https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:48.040237+00:00 Debian Oval Importer Affected by VCID-xmuc-c5b6-a3ab https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:16.003293+00:00 Debian Oval Importer Affected by VCID-b6p1-6aza-due3 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:15.305645+00:00 Debian Oval Importer Affected by VCID-kxsu-7d8e-akcy https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:02.680734+00:00 Debian Oval Importer Affected by VCID-sgjb-7vua-xyhk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:19:00.620153+00:00 Debian Oval Importer Affected by VCID-3zm4-kw65-5khp https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:18:47.122720+00:00 Debian Oval Importer Affected by VCID-wnpc-64sr-e7fq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:18:42.163214+00:00 Debian Oval Importer Affected by VCID-qw8k-uaj6-pqgk https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:18:40.069104+00:00 Debian Oval Importer Affected by VCID-ffdk-g5vp-fya8 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0
2025-08-01T09:18:36.519142+00:00 Debian Oval Importer Fixing VCID-cua7-h6xk-b7e6 https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 37.0.0