Vulnerabilities > CVE-2004-0722

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
netscape
mozilla
nessus
exploit available

Summary

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Netscape
2
Application
Mozilla
1

Exploit-Db

descriptionMozilla 1.x and Netscape 7.0/7.1 SOAPParameter Integer Overflow Vulnerability. CVE-2004-0722. Dos exploit for linux platform
idEDB-ID:24346
last seen2016-02-02
modified2004-08-02
published2004-08-02
reporterzen-parse
sourcehttps://www.exploit-db.com/download/24346/
titleMozilla 1.x and Netscape 7.0/7.1 SOAPParameter Integer Overflow Vulnerability

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-421.NASL
    descriptionUpdated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release : Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue. During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599) Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757) Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758) Met - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759) Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760) Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718) Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761) Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762) Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the
    last seen2020-06-01
    modified2020-06-02
    plugin id14214
    published2004-08-05
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14214
    titleRHEL 2.1 / 3 : mozilla (RHSA-2004:421)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:421. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14214);
      script_version ("1.35");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0597", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765");
      script_xref(name:"RHSA", value:"2004:421");
    
      script_name(english:"RHEL 2.1 / 3 : mozilla (RHSA-2004:421)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mozilla packages based on version 1.4.3 that fix a number of
    security issues for Red Hat Enterprise Linux are now available.
    
    Mozilla is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    A number of flaws have been found in Mozilla 1.4 that have been fixed
    in the Mozilla 1.4.3 release :
    
    Zen Parse reported improper input validation to the SOAPParameter
    object constructor leading to an integer overflow and controllable
    heap corruption. Malicious JavaScript could be written to utilize this
    flaw and could allow arbitrary code execution. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0722 to this issue.
    
    During a source code audit, Chris Evans discovered a buffer overflow
    and integer overflows which affect the libpng code inside Mozilla. An
    attacker could create a carefully crafted PNG file in such a way that
    it would cause Mozilla to crash or execute arbitrary code when the
    image was viewed. (CVE-2004-0597, CVE-2004-0599)
    
    Zen Parse reported a flaw in the POP3 capability. A malicious POP3
    server could send a carefully crafted response that would cause a heap
    overflow and potentially allow execution of arbitrary code as the user
    running Mozilla. (CVE-2004-0757)
    
    Marcel Boesch found a flaw that allows a CA certificate to be imported
    with a DN the same as that of the built-in CA root certificates, which
    can cause a denial of service to SSL pages, as the malicious
    certificate is treated as invalid. (CVE-2004-0758)
    
    Met - Martin Hassman reported a flaw in Mozilla that could allow
    malicious JavaScript code to upload local files from a users machine
    without requiring confirmation. (CVE-2004-0759)
    
    Mindlock Security reported a flaw in ftp URI handling. By using a NULL
    character (%00) in a ftp URI, Mozilla can be confused into opening a
    resource as a different MIME type. (CVE-2004-0760)
    
    Mozilla does not properly prevent a frame in one domain from injecting
    content into a frame that belongs to another domain, which facilitates
    website spoofing and other attacks, also known as the frame injection
    vulnerability. (CVE-2004-0718)
    
    Tolga Tarhan reported a flaw that can allow a malicious webpage to use
    a redirect sequence to spoof the security lock icon that makes a
    webpage appear to be encrypted. (CVE-2004-0761)
    
    Jesse Ruderman reported a security issue that affects a number of
    browsers including Mozilla that could allow malicious websites to
    install arbitrary extensions by using interactive events to manipulate
    the XPInstall Security dialog box. (CVE-2004-0762)
    
    Emmanouel Kellinis discovered a caching flaw in Mozilla which allows
    malicious websites to spoof certificates of trusted websites via
    redirects and JavaScript that uses the 'onunload' method.
    (CVE-2004-0763)
    
    Mozilla allowed malicious websites to hijack the user interface via
    the 'chrome' flag and XML User Interface Language (XUL) files.
    (CVE-2004-0764)
    
    The cert_TestHostName function in Mozilla only checks the hostname
    portion of a certificate when the hostname portion of the URI is not a
    fully qualified domain name (FQDN). This flaw could be used for
    spoofing if an attacker had control of machines on a default DNS
    search path. (CVE-2004-0765)
    
    All users are advised to update to these erratum packages which
    contain a snapshot of Mozilla 1.4.3 including backported fixes and are
    not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0763"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0765"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=236618
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=236618"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=251381
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=251381"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=229374
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=229374"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=249004
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=249004"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=241924
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=241924"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=250906
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=250906"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=246448
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=246448"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=240053
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=240053"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=162020
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=162020"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=253121
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=253121"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=244965
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=244965"
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=234058
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=234058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:421"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:421";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.13-3.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.4.3-2.1.2")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.4.3-2.1.2")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"mozilla-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.4.3-3.0.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.4.3-3.0.2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc");
      }
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_MOZILLA_SOAP_172.NASL
    descriptionThe following package needs to be updated: firefox
    last seen2016-09-26
    modified2004-09-16
    plugin id14757
    published2004-09-16
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=14757
    titleFreeBSD : mozilla -- SOAPParameter integer overflow (117)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by freebsd_pkg_a4fd8f5305eb11d9b45d000c41e2cdad.nasl.
    #
    # Disabled on 2011/10/02.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This script contains information extracted from VuXML :
    #
    # Copyright 2003-2006 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #   copyright notice, this list of conditions and the following
    #   disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #   published online in any format, converted to PDF, PostScript,
    #   RTF and other formats) must reproduce the above copyright
    #   notice, this list of conditions and the following disclaimer
    #   in the documentation and/or other materials provided with the
    #   distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    #
    #
    
    include('compat.inc');
    
    if ( description )
    {
     script_id(14757);
     script_version("1.8");
     script_cve_id("CVE-2004-0722");
    
     script_name(english:"FreeBSD : mozilla -- SOAPParameter integer overflow (117)");
    
    script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
    script_set_attribute(attribute:'description', value:'The following package needs to be updated: firefox');
    script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C');
    script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
    script_set_attribute(attribute: 'see_also', value: 'http://bugzilla.mozilla.org/show_bug.cgi?id=236618
    http://coppermine-gallery.net/forum/index.php?topic=48106.0
    http://drupal.org/node/184315
    http://drupal.org/node/184316
    http://drupal.org/node/184320
    http://drupal.org/node/184348
    http://drupal.org/node/184354
    http://secunia.com/advisories/27292
    http://secunia.com/advisories/27292
    http://secunia.com/advisories/27407
    http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-17.html');
    script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/a4fd8f53-05eb-11d9-b45d-000c41e2cdad.html');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/16");
     script_end_attributes();
     script_summary(english:"Check for firefox");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
     family["english"] = "FreeBSD Local Security Checks";
     script_family(english:family["english"]);
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/FreeBSD/pkg_info");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #36922 (freebsd_pkg_a4fd8f5305eb11d9b45d000c41e2cdad.nasl) instead.");
    
    global_var cvss_score;
    cvss_score=10;
    include('freebsd_package.inc');
    
    
    pkg_test(pkg:"firefox<0.9");
    
    pkg_test(pkg:"linux-mozilla<1.7");
    
    pkg_test(pkg:"linux-mozilla-devel<1.7");
    
    pkg_test(pkg:"mozilla-gtk1<1.7");
    
    pkg_test(pkg:"mozilla<1.7,2");
    
    pkg_test(pkg:"netscape7<7.2");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-082.NASL
    descriptionA number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079).
    last seen2020-06-01
    modified2020-06-02
    plugin id14331
    published2004-08-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14331
    titleMandrake Linux Security Advisory : mozilla (MDKSA-2004:082)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:082. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14331);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765", "CVE-2004-0779", "CVE-2004-1449", "CVE-2005-1937");
      script_xref(name:"MDKSA", value:"2004:082");
    
      script_name(english:"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A number of security vulnerabilities in mozilla are addressed by this
    update for Mandrakelinux 10.0 users, including a fix for frame
    spoofing, a fixed popup XPInstall/security dialog bug, a fix for
    untrusted chrome calls, a fix for SSL certificate spoofing, a fix for
    stealing secure HTTP Auth passwords via DNS spoofing, a fix for
    insecure matching of cert names for non-FQDNs, a fix for focus
    redefinition from another domain, a fix for a SOAP parameter overflow,
    a fix for text drag on file entry, a fix for certificate DoS, and a
    fix for lock icon and cert spoofing.
    
    Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been
    rebuilt to use the system libjpeg and libpng which addresses
    vulnerabilities discovered in libpng (ref: MDKSA-2004:079)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=149478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=162020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=206859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=226278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=229374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=234058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=239580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=240053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=244965"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=249004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugzilla.mozilla.org/show_bug.cgi?id=253121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=86028"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-irc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-spellchecker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-devel-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-devel-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-devel-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-devel-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-devel-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-dom-inspector-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmail-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmime-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-irc-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-js-debugger-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-mail-1.6-12.1.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"mozilla-spellchecker-1.6-12.1.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-devel-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-devel-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-devel-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-devel-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-devel-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-dom-inspector-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmail-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmime-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-irc-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-js-debugger-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-mail-1.4-13.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"mozilla-spellchecker-1.4-13.3.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A4FD8F5305EB11D9B45D000C41E2CDAD.NASL
    descriptionzen-parse discovered and iDEFENSE reported an exploitable integer overflow in a scriptable Mozilla component `SOAPParameter
    last seen2020-06-01
    modified2020-06-02
    plugin id36922
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36922
    titleFreeBSD : mozilla -- SOAPParameter integer overflow (a4fd8f53-05eb-11d9-b45d-000c41e2cdad)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36922);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2004-0722");
    
      script_name(english:"FreeBSD : mozilla -- SOAPParameter integer overflow (a4fd8f53-05eb-11d9-b45d-000c41e2cdad)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "zen-parse discovered and iDEFENSE reported an exploitable integer
    overflow in a scriptable Mozilla component `SOAPParameter' :
    
    Improper input validation to the SOAPParameter object constructor in
    Netscape and Mozilla allows execution of arbitrary code. The
    SOAPParameter object's constructor contains an integer overflow which
    allows controllable heap corruption. A web page can be constructed to
    leverage this into remote execution of arbitrary code."
      );
      # http://bugzilla.mozilla.org/show_bug.cgi?id=236618
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.mozilla.org/show_bug.cgi?id=236618"
      );
      # https://vuxml.freebsd.org/freebsd/a4fd8f53-05eb-11d9-b45d-000c41e2cdad.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e05d14ae"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla-gtk1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:netscape7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"firefox<0.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-mozilla<1.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-mozilla-devel<1.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mozilla-gtk1<1.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mozilla<1.7,2")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"netscape7<7.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-223-01.NASL
    descriptionNew Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don
    last seen2020-06-01
    modified2020-06-02
    plugin id18794
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18794
    titleSlackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2004-223-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18794);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765");
      script_xref(name:"SSA", value:"2004-223-01");
    
      script_name(english:"Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Mozilla packages are available for Slackware 9.1, 10.0, and
    -current to fix a number of security issues. Slackware 10.0 and
    -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was
    upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require
    new versions of things that link with the Mozilla libraries, so for
    Slackware 10.0 and -current new versions of epiphany, galeon, gaim,
    and mozilla-plugins have also been provided. There don't appear to be
    epiphany and galeon versions that are compatible with Mozilla 1.4.3
    and the GNOME in Slackware 9.1, so these are not provided and Epiphany
    and Galeon will be broken on Slackware 9.1 if the new Mozilla package
    is installed. Furthermore, earlier versions of Mozilla (such as the
    1.3 series) were not fixed upstream, so versions of Slackware earlier
    than 9.1 will remain vulnerable to these browser issues. If you still
    use Slackware 9.0 or earlier, you may want to consider removing
    Mozilla or upgrading to a newer version."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38dd43e4"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gaim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla-plugins");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"9.1", pkgname:"mozilla", pkgver:"1.4.3", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"9.1", pkgname:"mozilla-plugins", pkgver:"1.4.3", pkgarch:"noarch", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"10.0", pkgname:"epiphany", pkgver:"1.2.7", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"10.0", pkgname:"gaim", pkgver:"0.81", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"10.0", pkgname:"galeon", pkgver:"1.3.17", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"10.0", pkgname:"mozilla", pkgver:"1.7.2", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"10.0", pkgname:"mozilla-plugins", pkgver:"1.7.2", pkgarch:"noarch", pkgnum:"1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"epiphany", pkgver:"1.2.7", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"gaim", pkgver:"0.81", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"galeon", pkgver:"1.3.17", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"mozilla", pkgver:"1.7.2", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", pkgname:"mozilla-plugins", pkgver:"1.7.2", pkgarch:"noarch", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idMOZILLA_SOAPPARAMETER_OVERFLOW.NASL
    descriptionThe Mozilla web browser is installed on the remote host. The remote version of this software has an integer overflow vulnerability in the SOAPParameter object constructor. This could result in arbitrary code execution. A remote attacker could exploit this flaw by tricking a user into viewing a maliciously crafted web page.
    last seen2020-06-01
    modified2020-06-02
    plugin id14192
    published2004-08-02
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14192
    titleMozilla SOAPParameter Object Constructor Overlow
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    
    if(description)
    {
     script_id(14192);
     script_version("1.20");
    
     script_cve_id("CVE-2004-0722");
     script_bugtraq_id(10843);
    
     script_name(english:"Mozilla SOAPParameter Object Constructor Overlow");
     script_summary(english:"Determines the version of Mozilla");
     
     script_set_attribute( attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    an integer overflow vulnerability." );
     script_set_attribute( attribute:"description",  value:
    "The Mozilla web browser is installed on the remote host.
    
    The remote version of this software has an integer overflow
    vulnerability in the SOAPParameter object constructor. This could
    result in arbitrary code execution.
    
    A remote attacker could exploit this flaw by tricking a user into
    viewing a maliciously crafted web page." );
     script_set_attribute(
       attribute:"solution", 
       value:"Upgrade to Mozilla 1.7.1 or later."
     );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/02");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/02");
     script_set_attribute(attribute:"patch_publication_date", value: "2004/08/02");
     script_cvs_date("Date: 2018/07/16 14:09:15");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_family(english:"Windows");
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_dependencies("mozilla_org_installed.nasl");
     script_require_keys("Mozilla/Version");
     exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.7.1', severity:SECURITY_HOLE);
    

Oval

  • accepted2005-03-09T07:56:00.000-04:00
    classvulnerability
    contributors
    nameBrian Soby
    organizationThe MITRE Corporation
    descriptionInteger overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:4629
    statusaccepted
    submitted2005-01-19T12:00:00.000-04:00
    titleMozilla, Netscape SOAPParameter Integer Overflow
    version35
  • accepted2013-04-29T04:19:03.190-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionInteger overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
    familyunix
    idoval:org.mitre.oval:def:9378
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
    version26

Redhat

advisories
rhsa
idRHSA-2004:421