Vulnerabilities > CVE-2004-0760 - Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Mozilla Browser 0.9/1.x Cache File Multiple Vulnerabilities. CVE-2004-0760 . Remote exploit for windows platform |
id | EDB-ID:24276 |
last seen | 2016-02-02 |
modified | 2004-07-13 |
published | 2004-07-13 |
reporter | Mind Warper |
source | https://www.exploit-db.com/download/24276/ |
title | Mozilla Browser 0.9/1.x Cache File Multiple Vulnerabilities |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-421.NASL description Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release : Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue. During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599) Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757) Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758) Met - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759) Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760) Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718) Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761) Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762) Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the last seen 2020-06-01 modified 2020-06-02 plugin id 14214 published 2004-08-05 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14214 title RHEL 2.1 / 3 : mozilla (RHSA-2004:421) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:421. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(14214); script_version ("1.35"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0597", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"); script_xref(name:"RHSA", value:"2004:421"); script_name(english:"RHEL 2.1 / 3 : mozilla (RHSA-2004:421)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release : Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0722 to this issue. During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CVE-2004-0597, CVE-2004-0599) Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CVE-2004-0757) Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CVE-2004-0758) Met - Martin Hassman reported a flaw in Mozilla that could allow malicious JavaScript code to upload local files from a users machine without requiring confirmation. (CVE-2004-0759) Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CVE-2004-0760) Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CVE-2004-0718) Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CVE-2004-0761) Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CVE-2004-0762) Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and JavaScript that uses the 'onunload' method. (CVE-2004-0763) Mozilla allowed malicious websites to hijack the user interface via the 'chrome' flag and XML User Interface Language (XUL) files. (CVE-2004-0764) The cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CVE-2004-0765) All users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0597" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0599" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0718" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0722" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0757" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0758" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0759" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0760" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0761" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0762" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0763" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0764" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0765" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=236618 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=236618" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=251381 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=251381" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=229374 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=229374" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=249004 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=249004" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=241924 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=241924" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=250906 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=250906" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=246448 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=246448" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=240053 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=240053" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=162020 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=162020" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=253121 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=253121" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=244965 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=244965" ); # http://bugzilla.mozilla.org/show_bug.cgi?id=234058 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=234058" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:421" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:421"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.13-3.2.1")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.4.3-2.1.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.4.3-3.0.2")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.4.3-3.0.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc"); } }
NASL family Windows NASL id MOZILLA_FIREFOX_CACHE_FILE.NASL description The installed version of Firefox is earlier than 0.9.3. Such versions may allow arbitrary code execution. The security vulnerability is due to the fact that Firefox stores cached HTML documents with a known file name, and to the fact that it last seen 2020-06-01 modified 2020-06-02 plugin id 14197 published 2004-08-03 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14197 title Firefox < 0.9.3 Null Character MIME Type Spoofing Arbitrary Code Execution code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(14197); script_version("1.21"); script_cve_id("CVE-2004-0760"); script_bugtraq_id(10709); script_name(english:"Firefox < 0.9.3 Null Character MIME Type Spoofing Arbitrary Code Execution"); script_summary(english:"Determines the version of Firefox"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host contains a web browser that has a code execution vulnerability." ); script_set_attribute( attribute:"description", value: "The installed version of Firefox is earlier than 0.9.3. Such versions may allow arbitrary code execution. The security vulnerability is due to the fact that Firefox stores cached HTML documents with a known file name, and to the fact that it's possible to force Firefox to open cached files as HTML documents by appending a NULL byte after the file name. A remote attacker may combine these two flaws to execute arbitrary code on the remote host." ); script_set_attribute( attribute:"solution", value:"Upgrade to Firefox 0.9.3 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/03"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/03"); script_set_attribute(attribute:"patch_publication_date", value: "2004/08/04"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"Windows"); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox'); mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'0.9.2', severity:SECURITY_HOLE);
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-082.NASL description A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079). last seen 2020-06-01 modified 2020-06-02 plugin id 14331 published 2004-08-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14331 title Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:082. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(14331); script_version ("1.20"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765", "CVE-2004-0779", "CVE-2004-1449", "CVE-2005-1937"); script_xref(name:"MDKSA", value:"2004:082"); script_name(english:"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:082)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of security vulnerabilities in mozilla are addressed by this update for Mandrakelinux 10.0 users, including a fix for frame spoofing, a fixed popup XPInstall/security dialog bug, a fix for untrusted chrome calls, a fix for SSL certificate spoofing, a fix for stealing secure HTTP Auth passwords via DNS spoofing, a fix for insecure matching of cert names for non-FQDNs, a fix for focus redefinition from another domain, a fix for a SOAP parameter overflow, a fix for text drag on file entry, a fix for certificate DoS, and a fix for lock icon and cert spoofing. Additionally, mozilla for both Mandrakelinux 9.2 and 10.0 have been rebuilt to use the system libjpeg and libpng which addresses vulnerabilities discovered in libpng (ref: MDKSA-2004:079)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=149478" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=162020" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=206859" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=226278" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=229374" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=234058" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=236618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=239580" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=240053" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=244965" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=246448" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=249004" ); script_set_attribute( attribute:"see_also", value:"http://bugzilla.mozilla.org/show_bug.cgi?id=253121" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=86028" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-spellchecker"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-devel-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-devel-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-devel-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-devel-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-devel-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-dom-inspector-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmail-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmime-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-irc-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-js-debugger-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-mail-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-spellchecker-1.6-12.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nspr4-devel-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64nss3-devel-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnspr4-devel-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libnss3-devel-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-devel-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-dom-inspector-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmail-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-enigmime-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-irc-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-js-debugger-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-mail-1.4-13.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"mozilla-spellchecker-1.4-13.3.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-223-01.NASL description New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don last seen 2020-06-01 modified 2020-06-02 plugin id 18794 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18794 title Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-223-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18794); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2004-0597", "CVE-2004-0598", "CVE-2004-0599", "CVE-2004-0718", "CVE-2004-0722", "CVE-2004-0757", "CVE-2004-0758", "CVE-2004-0759", "CVE-2004-0760", "CVE-2004-0761", "CVE-2004-0762", "CVE-2004-0763", "CVE-2004-0764", "CVE-2004-0765"); script_xref(name:"SSA", value:"2004-223-01"); script_name(english:"Slackware 10.0 / 9.1 / current : Mozilla (SSA:2004-223-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New Mozilla packages are available for Slackware 9.1, 10.0, and -current to fix a number of security issues. Slackware 10.0 and -current were upgraded to Mozilla 1.7.2, and Slackware 9.1 was upgraded to Mozilla 1.4.3. As usual, new versions of Mozilla require new versions of things that link with the Mozilla libraries, so for Slackware 10.0 and -current new versions of epiphany, galeon, gaim, and mozilla-plugins have also been provided. There don't appear to be epiphany and galeon versions that are compatible with Mozilla 1.4.3 and the GNOME in Slackware 9.1, so these are not provided and Epiphany and Galeon will be broken on Slackware 9.1 if the new Mozilla package is installed. Furthermore, earlier versions of Mozilla (such as the 1.3 series) were not fixed upstream, so versions of Slackware earlier than 9.1 will remain vulnerable to these browser issues. If you still use Slackware 9.0 or earlier, you may want to consider removing Mozilla or upgrading to a newer version." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.667659 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?38dd43e4" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:epiphany"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gaim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:galeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mozilla-plugins"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/27"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"9.1", pkgname:"mozilla", pkgver:"1.4.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"9.1", pkgname:"mozilla-plugins", pkgver:"1.4.3", pkgarch:"noarch", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"epiphany", pkgver:"1.2.7", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"gaim", pkgver:"0.81", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"galeon", pkgver:"1.3.17", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"mozilla", pkgver:"1.7.2", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"10.0", pkgname:"mozilla-plugins", pkgver:"1.7.2", pkgarch:"noarch", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"epiphany", pkgver:"1.2.7", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"gaim", pkgver:"0.81", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"galeon", pkgver:"1.3.17", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"mozilla", pkgver:"1.7.2", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"mozilla-plugins", pkgver:"1.7.2", pkgarch:"noarch", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7C188C550CB011D98A8A000C41E2CDAD.NASL description When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of JavaScript when viewing plain text or other file types via FTP. last seen 2020-06-01 modified 2020-06-02 plugin id 18996 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18996 title FreeBSD : mozilla -- NULL bytes in FTP URLs (7c188c55-0cb0-11d9-8a8a-000c41e2cdad) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(18996); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0760"); script_name(english:"FreeBSD : mozilla -- NULL bytes in FTP URLs (7c188c55-0cb0-11d9-8a8a-000c41e2cdad)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of JavaScript when viewing plain text or other file types via FTP." ); # http://bugzilla.mozilla.org/show_bug.cgi?id=250906 script_set_attribute( attribute:"see_also", value:"https://bugzilla.mozilla.org/show_bug.cgi?id=250906" ); # https://vuxml.freebsd.org/freebsd/7c188c55-0cb0-11d9-8a8a-000c41e2cdad.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e5d452cb" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-mozilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mozilla-gtk1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/11"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"firefox<0.9.3")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-mozilla<1.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-mozilla-devel<1.7.2")) flag++; if (pkg_test(save_report:TRUE, pkg:"mozilla<1.7.2,2")) flag++; if (pkg_test(save_report:TRUE, pkg:"mozilla>=1.8.a,2")) flag++; if (pkg_test(save_report:TRUE, pkg:"mozilla-gtk1<1.7.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
accepted 2013-04-29T04:11:25.159-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. family unix id oval:org.mitre.oval:def:11090 status accepted submitted 2010-07-09T03:56:16-04:00 title Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. version 26 accepted 2005-03-09T07:56:00.000-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation description Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. family unix id oval:org.mitre.oval:def:1227 status accepted submitted 2005-01-19T12:00:00.000-04:00 title Mozilla FTP URI MIME Type Exploit Vulnerability version 34
Redhat
advisories |
|
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://bugzilla.mozilla.org/show_bug.cgi?id=250906
- http://marc.info/?l=bugtraq&m=109900315219363&w=2
- http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
- http://www.redhat.com/support/errata/RHSA-2004-421.html
- http://www.securityfocus.com/bid/15495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16691
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227