Vulnerabilities > CVE-2004-0906 - Unspecified vulnerability in Mozilla and Thunderbird

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

mozilla

nessus

NVD

Published: 2004-12-31

Updated: 2017-10-11

Summary

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Mozilla 0.8 Mozilla Mozilla 0.9.2 Mozilla Mozilla 0.9.2.1 Mozilla Mozilla 0.9.3 Mozilla Mozilla 0.9.4 Mozilla Mozilla 0.9.4.1 Mozilla Mozilla 0.9.5 Mozilla Mozilla 0.9.6 Mozilla Mozilla 0.9.7 Mozilla Mozilla 0.9.8 Mozilla Mozilla 0.9.9 Mozilla Mozilla 0.9.35 Mozilla Mozilla 0.9.48 Mozilla Mozilla 1.0 Mozilla Mozilla 1.0.1 Mozilla Mozilla 1.0.2 Mozilla Mozilla 1.1 Mozilla Mozilla 1.2 Mozilla Mozilla 1.2.1 Mozilla Mozilla 1.3 Mozilla Mozilla 1.3.1 Mozilla Mozilla 1.4 Mozilla Mozilla 1.4.1 Mozilla Mozilla 1.4.2 Mozilla Mozilla 1.4.4 Mozilla Mozilla 1.5 Mozilla Mozilla 1.5.1 Mozilla Mozilla 1.6 Mozilla Mozilla 1.7 Mozilla Mozilla 1.7.1 Mozilla Mozilla 1.7.2 Mozilla Thunderbird 0.1 Mozilla Thunderbird 0.2 Mozilla Thunderbird 0.3 Mozilla Thunderbird 0.4 Mozilla Thunderbird 0.5 Mozilla Thunderbird 0.6 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.3	54

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-323.NASL
description	Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1380 to this issue. A bug was found in the way Mozilla allowed plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0232 to this issue. A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user
last seen	2020-06-01
modified	2020-06-02
plugin id	17624
published	2005-03-25
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17624
title	RHEL 2.1 / 3 : mozilla (RHSA-2005:323)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:323. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17624); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0906", "CVE-2004-1380", "CVE-2004-1613", "CVE-2005-0141", "CVE-2005-0144", "CVE-2005-0147", "CVE-2005-0149", "CVE-2005-0232", "CVE-2005-0399"); script_xref(name:"RHSA", value:"2005:323"); script_name(english:"RHEL 2.1 / 3 : mozilla (RHSA-2005:323)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0399 to this issue. A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1380 to this issue. A bug was found in the way Mozilla allowed plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0232 to this issue. A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0149 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0147 to this issue. A bug was found in the way Mozilla handles certain start tags followed by a NULL character. A malicious web page could cause Mozilla to crash when viewed by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1613 to this issue. A bug was found in the way Mozilla sets file permissions when installing XPI packages. It is possible for an XPI package to install some files world readable or writable, allowing a malicious local user to steal information or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0906 to this issue. A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0141 to this issue. A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0144 to this issue. Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.4.4 and additional backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0906" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1380" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1613" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0141" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0144" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0147" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0149" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0232" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0399" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:323" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1\|3)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:323"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.13-6.2.1")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.4.4-1.2.3")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.4.4-1.3.5")) flag++; if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.4.4-1.3.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc"); } }

NASL family	Windows
NASL id	MOZILLA_MULTIPLE_FLAWS.NASL
description	The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack. A remote attacker could exploit these issues by tricking a user into viewing a malicious web page.
last seen	2020-06-01
modified	2020-06-02
plugin id	14728
published	2004-09-15
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14728
title	Mozilla Browsers Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(14728); script_version("1.24"); script_cve_id( "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0906", "CVE-2004-0908" ); script_bugtraq_id( 11194, 11192, 11169, 11171, 11177, 11179 ); script_name(english:"Mozilla Browsers Multiple Vulnerabilities"); script_summary(english:"Determines the version of Mozilla"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host, get access to content of the user clipboard or, perform a cross-domain cross-site scripting attack. A remote attacker could exploit these issues by tricking a user into viewing a malicious web page." ); script_set_attribute( attribute:"solution", value:"Upgrade to Mozilla 1.7.3 / Firefox 0.10.0 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/31"); script_set_attribute(attribute:"patch_publication_date", value: "2004/09/14"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:firefox"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird"); script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:navigator"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); if ( NASL_LEVEL >= 3206 ) script_require_ports("Mozilla/Version", "Mozilla/Firefox/Version"); exit(0); } # include("misc_func.inc"); ver = read_version_in_kb("Mozilla/Version"); if (!isnull(ver)) { if ( ver[0] < 1 \|\| ( ver[0] == 1 && ( ver[1] < 7 \|\| (ver[1] == 7 && ver[2] < 3) ) ) ) security_hole(get_kb_item("SMB/transport")); } ver = read_version_in_kb("Mozilla/Firefox/Version"); if (!isnull(ver)) { if (ver[0] == 0 && ver[1] < 10) security_hole(get_kb_item("SMB/transport")); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-107.NASL
description	A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 : -
last seen	2020-06-01
modified	2020-06-02
plugin id	15521
published	2004-10-20
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15521
title	Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:107. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(15521); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0906", "CVE-2004-0908", "CVE-2004-0909"); script_xref(name:"MDKSA", value:"2004:107"); script_name(english:"Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0 : - 'Send page' heap overrun - JavaScript clipboard access - buffer overflow when displaying VCard - BMP integer overflow - javascript: link dragging - Malicious POP3 server III The details of all of these vulnerabilities are available from the Mozilla website." ); # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e445b231" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-enigmime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-irc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-spellchecker"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nspr4-devel-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64nss3-devel-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnspr4-devel-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libnss3-devel-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-devel-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-dom-inspector-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmail-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-enigmime-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-irc-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-js-debugger-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-mail-1.6-12.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"mozilla-spellchecker-1.6-12.2.100mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Windows
NASL id	MOZILLA_DEFAULT_PERMS.NASL
description	The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positive. A local attacker could overwrite arbitrary files or execute arbitrary code in the context of the user running the browser.
last seen	2020-06-01
modified	2020-06-02
plugin id	15432
published	2004-10-08
reporter	This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/15432
title	Mozilla Multiple Products XPInstall Arbitrary File Overwrite
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15432); script_version("1.23"); script_cve_id("CVE-2004-0906"); script_bugtraq_id(11166); script_name(english:"Mozilla Multiple Products XPInstall Arbitrary File Overwrite"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a web browser installed that has file permissions set incorrectly." ); script_set_attribute(attribute:"description", value: "The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positive. A local attacker could overwrite arbitrary files or execute arbitrary code in the context of the user running the browser." ); # http://web.archive.org/web/20050404025219/http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:107 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25f8ca14" ); # http://web.archive.org/web/20041013064553/http://www.suse.de/de/security/2004_36_mozilla.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b64dd06" ); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla 1.7.3 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/08"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/14"); script_set_attribute(attribute:"patch_publication_date", value: "2004/09/13"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla"); script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_summary(english:"Determines the version of Mozilla/Firefox"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Windows"); script_dependencies("mozilla_org_installed.nasl"); if ( NASL_LEVEL >= 3206 )script_require_ports("Mozilla/Version", "Mozilla/Firefox/Version"); exit(0); } # include("misc_func.inc"); ver = read_version_in_kb("Mozilla/Version"); if (!isnull(ver)) { if ( ver[0] < 1 \|\| ( ver[0] == 1 && ( ver[1] < 7 \|\| (ver[1] == 7 && ver[2] < 3) ) ) ) security_hole(get_kb_item("SMB/transport")); } ver = read_version_in_kb("Mozilla/Firefox/Version"); if (!isnull(ver)) { if (ver[0] == 0)security_hole(get_kb_item("SMB/transport")); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200409-26.NASL
description	The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities) Mozilla-based products are vulnerable to multiple security issues. Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the
last seen	2020-06-01
modified	2020-06-02
plugin id	14781
published	2004-09-21
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/14781
title	GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200409-26. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14781); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0906", "CVE-2004-0907", "CVE-2004-0908", "CVE-2004-0909"); script_xref(name:"GLSA", value:"200409-26"); script_name(english:"GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200409-26 (Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities) Mozilla-based products are vulnerable to multiple security issues. Firstly, routines handling the display of BMP images and VCards contain an integer overflow and a stack buffer overrun. Specific pages with long links, when sent using the 'Send Page' function, and links with non-ASCII hostnames could both cause heap buffer overruns. Several issues were found and fixed in JavaScript rights handling: untrusted script code could read and write to the clipboard, signed scripts could build confusing grant privileges dialog boxes, and when dragged onto trusted frames or windows, JavaScript links could access information and rights of the target frame or window. Finally, Mozilla-based mail clients (Mozilla and Mozilla Thunderbird) are vulnerable to a heap overflow caused by invalid POP3 mail server responses. Impact : An attacker might be able to run arbitrary code with the rights of the user running the software by enticing the user to perform one of the following actions: view a specially crafted BMP image or VCard, use the 'Send Page' function on a malicious page, follow links with malicious hostnames, drag multiple JavaScript links in a row to another window, or connect to an untrusted POP3 mail server. An attacker could also use a malicious page with JavaScript to disclose clipboard contents or abuse previously-given privileges to request XPI installation privileges through a confusing dialog. Workaround : There is no known workaround covering all vulnerabilities." ); # http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e445b231" ); # http://www.us-cert.gov/cas/techalerts/TA04-261A.html script_set_attribute( attribute:"see_also", value:"https://www.us-cert.gov/ncas/alerts/ta04-261a" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200409-26" ); script_set_attribute( attribute:"solution", value: "All users should upgrade to the latest stable version: # emerge sync # emerge -pv your-version # emerge your-version" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:epiphany"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 1.0_pre"), vulnerable:make_list("lt 1.0_pre"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 0.8"), vulnerable:make_list("lt 0.8"))) flag++; if (qpkg_check(package:"www-client/mozilla", unaffected:make_list("ge 1.7.3"), vulnerable:make_list("lt 1.7.3"))) flag++; if (qpkg_check(package:"www-client/epiphany", unaffected:make_list("ge 1.2.9-r1"), vulnerable:make_list("lt 1.2.9-r1"))) flag++; if (qpkg_check(package:"www-client/mozilla-bin", unaffected:make_list("ge 1.7.3"), vulnerable:make_list("lt 1.7.3"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 0.8"), vulnerable:make_list("lt 0.8"))) flag++; if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 1.0_pre"), vulnerable:make_list("lt 1.0_pre"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla / Firefox / Thunderbird / Epiphany"); }

Oval

accepted

2013-04-29T04:15:16.411-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:11668

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2005:323

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References