CVE-2005-1531 - Script Manager Security Bypass vulnerability in Mozilla Suite And Firefox
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Nessus
NASL family: Windows
NASL id: MOZILLA_FIREFOX_104.NASL
description: The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18243
published: 2005-05-12
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18243
title: Firefox < 1.0.4 Multiple Vulnerabilities
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(18243);
  script_version("1.28");

  script_cve_id(
    "CVE-2005-1476",
    "CVE-2005-1477",
    "CVE-2005-1531",
    "CVE-2005-1532"
  );
  script_bugtraq_id(13544, 13641, 13645);

  script_name(english:"Firefox < 1.0.4 Multiple Vulnerabilities");
  script_summary(english:"Determines the version of Firefox");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value: "The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-42/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Firefox 1.0.4 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
  script_cvs_date("Date: 2018/07/16 14:09:14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Firefox/Version");
  exit(0);
}

#

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Firefox/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.4', severity:SECURITY_HOLE);

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2005-435.NASL
description: Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18388
published: 2005-05-28
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18388
title: RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:435. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18388);
  script_version ("1.29");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:435");

  script_name(english:"RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1532"
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:435"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:435";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.14-1.2.5")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.7.8-1.1.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.7.8-1.1.2.1")) flag++;

  if (rpm_check(release:"RHEL3", reference:"mozilla-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.7.8-1.1.3.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1")) flag++;

  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-chat-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-devel-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-dom-inspector-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-js-debugger-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-mail-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-devel-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-1.7.8-1.4.1")) flag++;
  if (rpm_check(release:"RHEL4", reference:"mozilla-nss-devel-1.7.8-1.4.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / galeon / mozilla / mozilla-chat / etc");
  }
}

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-134-1.NASL
description: It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20525
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20525
title: Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-134-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20525);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"USN", value:"134-1");

  script_name(english:"Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like 'view-source:' or 'jar:'. (CAN-2005-1531) A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532) Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox", pkgver:"1.0.2-0ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-dev", pkgver:"1.0.2-0ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-dom-inspector", pkgver:"1.0.2-0ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-gnome-support", pkgver:"1.0.2-0ubuntu5.3")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-firefox / mozilla-firefox-dev / etc");
}

NASL family: SuSE Local Security Checks
NASL id: SUSE_SA_2005_030.NASL
description: The remote host is missing the patch for the advisory SUSE-SA:2005:030 (MozillaFirefox). This update upgrades Mozilla Firefox to version 1.0.4, fixing the following security problems: MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a remote attacker to execute arbitrary code with the help of a cross site scripting problem on the Mozilla website. The Mozilla website has been fixed so this is no real problem anymore. MFSA 2005-43/CVE-2005-1531: By causing a frame to navigate back to a previous javascript: URL an attacker can inject script into the forward site. This site can be controlled by the attacker allowing them to steal cookies or sensitive data from that page or to perform actions on behalf of that user. MFSA 2005-44/CVE-2005-1532: A variant of MFSA 2005-41 overrides properties on a non-DOM node and then substitutes that object for one chrome script will access. Most examples involved the attacker synthesizing an event targeted at a non-DOM node, and overriding standard DOM node properties such as type with references to eval() calls or Script() objects. The MFSA-2005-43 and MFSA-2005-44 flaws also affect the Mozilla Suite browsers. We are working on updates for those. Updated packages were already released on May 20th. We wanted to postpone the advisory until we have fixed packages for the Mozilla Suite, but these will take some more time.
last seen: 2019-10-28
modified: 2005-06-10
plugin id: 18463
published: 2005-06-10
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18463
title: SUSE-SA:2005:030: MozillaFirefox
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:030
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
  script_id(18463);
  script_version ("1.8");

  name["english"] = "SUSE-SA:2005:030: MozillaFirefox";
  script_name(english:name["english"]);

  script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" );
  script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:030 (MozillaFirefox). This update upgrades Mozilla Firefox to version 1.0.4, fixing the following security problems: MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a remote attacker to execute arbitrary code with the help of a cross site scripting problem on the Mozilla website. The Mozilla website has been fixed so this is no real problem anymore. MFSA 2005-43/CVE-2005-1531: By causing a frame to navigate back to a previous javascript: URL an attacker can inject script into the forward site. This site can be controlled by the attacker allowing them to steal cookies or sensitive data from that page or to perform actions on behalf of that user. MFSA 2005-44/CVE-2005-1532: A variant of MFSA 2005-41 overrides properties on a non-DOM node and then substitutes that object for one chrome script will access. Most examples involved the attacker synthesizing an event targeted at a non-DOM node, and overriding standard DOM node properties such as type with references to eval() calls or Script() objects. The MFSA-2005-43 and MFSA-2005-44 flaws also affect the Mozilla Suite browsers. We are working on updates for those. Updated packages were already released on May 20th. We wanted to postpone the advisory until we have fixed packages for the Mozilla Suite, but these will take some more time." );
  script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_30_mozilla_firefox.html" );
  script_set_attribute(attribute:"risk_factor", value:"High" );
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/10");
  script_end_attributes();

  summary["english"] = "Check for the version of the MozillaFirefox package";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  family["english"] = "SuSE Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/SuSE/rpm-list");
  exit(0);
}

include("rpm.inc");

if ( rpm_check( reference:"MozillaFirebird-1.0.4-2", release:"SUSE9.0") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"MozillaFirefox-1.0.4-0.3", release:"SUSE9.1") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"MozillaFirefox-1.0.4-1.1", release:"SUSE9.2") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"MozillaFirefox-1.0.4-1.1", release:"SUSE9.3") )
{
  security_hole(0);
  exit(0);
}
if ( rpm_check( reference:"MozillaFirefox-translations-1.0.4-1.1", release:"SUSE9.3") )
{
  security_hole(0);
  exit(0);
}

NASL family: Windows
NASL id: MOZILLA_178.NASL
description: The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18244
published: 2005-05-12
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18244
title: Mozilla Browser < 1.7.8 Multiple Vulnerabilities
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(18244);
  script_version("1.28");

  script_cve_id(
    "CVE-2005-1476",
    "CVE-2005-1477",
    "CVE-2005-1531",
    "CVE-2005-1532"
  );
  script_bugtraq_id(13544, 13641, 13645);

  script_name(english:"Mozilla Browser < 1.7.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote host contains multiple vulnerabilities." );
  script_set_attribute(attribute:"description", value: "The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host." );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/" );
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/" );
  script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla 1.7.8 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
  script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
  script_cvs_date("Date: 2018/07/16 14:09:14");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
  script_end_attributes();

  script_summary(english:"Determines the version of Mozilla");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Version");
  exit(0);
}

#

include("misc_func.inc");

ver = read_version_in_kb("Mozilla/Version");
if (isnull(ver)) exit(0);

if (
  ver[0] < 1 ||
  (
    ver[0] == 1 &&
    (
      ver[1] < 7 ||
      (ver[1] == 7 && ver[2] < 8)
    )
  )
) security_hole(get_kb_item("SMB/transport"));

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-149-3.NASL
description: USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 20546
published: 2006-01-15
reporter: Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/20546
title: Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-149-3. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20546);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2004-1156", "CVE-2004-1381", "CVE-2005-0141", "CVE-2005-0142", "CVE-2005-0143", "CVE-2005-0144", "CVE-2005-0145", "CVE-2005-0146", "CVE-2005-0147", "CVE-2005-0150", "CVE-2005-0230", "CVE-2005-0231", "CVE-2005-0232", "CVE-2005-0233", "CVE-2005-0255", "CVE-2005-0399", "CVE-2005-0401", "CVE-2005-0402", "CVE-2005-0578", "CVE-2005-0584", "CVE-2005-0585", "CVE-2005-0586", "CVE-2005-0587", "CVE-2005-0588", "CVE-2005-0589", "CVE-2005-0590", "CVE-2005-0591", "CVE-2005-0592", "CVE-2005-0593", "CVE-2005-0752", "CVE-2005-0989", "CVE-2005-1153", "CVE-2005-1154", "CVE-2005-1155", "CVE-2005-1156", "CVE-2005-1157", "CVE-2005-1158", "CVE-2005-1159", "CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532", "CVE-2005-1937", "CVE-2005-2260", "CVE-2005-2261", "CVE-2005-2262", "CVE-2005-2263", "CVE-2005-2264", "CVE-2005-2265", "CVE-2005-2266", "CVE-2005-2267", "CVE-2005-2268", "CVE-2005-2269", "CVE-2005-2270");
  script_xref(name:"USN", value:"149-3");

  script_name(english:"Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox compareTo() Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-ca");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-de");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-es");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-fr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-it");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-ja");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-nb");
  script_set_attribute(attribute:"cpe",
value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-pl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-tr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-uk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/07/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release); if ( ! 
get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox", pkgver:"1.0.6-0ubuntu0.0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-dom-inspector", pkgver:"1.0.6-0ubuntu0.0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-ca", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-de", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-es", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-fr", pkgver:"1.0-0ubuntu0.2")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-it", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-ja", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-nb", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-pl", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-tr", pkgver:"1.0-0ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-uk", pkgver:"1.0-0ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-firefox / mozilla-firefox-dom-inspector / etc"); }

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2005-434.NASL
description Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 18387
published 2005-05-28
reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/18387
title RHEL 4 : firefox (RHSA-2005:434)
code

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:434. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18387);
  script_version ("1.28");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:434");

  script_name(english:"RHEL 4 : firefox (RHSA-2005:434)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix various security bugs are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues.
Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack.
Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-1532"
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:434"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:434";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"firefox-1.0.4-1.4.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
  }
}

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2005-435.NASL
description Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 21827
published 2006-07-03
reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/21827
title CentOS 3 / 4 : mozilla (CESA-2005:435)
code

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:435 and
# CentOS Errata and Security Advisory 2005:435 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21827);
  script_version("1.23");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:435");

  script_name(english:"CentOS 3 / 4 : mozilla (CESA-2005:435)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated mozilla packages that fix various security bugs are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
[Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed.
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues.
Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011738.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?355b36ce"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011739.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ad1530b3"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011743.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?408c0c61"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011744.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ff2a9392"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011750.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2fb16e5d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011751.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?08b8ff13"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected mozilla packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"mozilla-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-chat-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-devel-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-mail-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-1.7.8-1.1.3.1.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1.centos3")) flag++;

if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-chat-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-devel-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-dom-inspector-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-js-debugger-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-mail-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-devel-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-1.7.8-1.4.1.centos4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-devel-1.7.8-1.4.1.centos4")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / mozilla / mozilla-chat / mozilla-devel / etc");
}

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-155-1.NASL
description Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. (CAN-2005-1937) It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like
last seen 2020-06-01
modified 2020-06-02
plugin id 20556
published 2006-01-15
reporter Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/20556
title Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)
code

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-155-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20556);
  script_version("1.21");
  script_cvs_date("Date: 2019/08/02 13:33:00");

  script_cve_id("CVE-2004-0718", "CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532", "CVE-2005-1937",
                "CVE-2005-2260", "CVE-2005-2261", "CVE-2005-2263", "CVE-2005-2265", "CVE-2005-2266",
                "CVE-2005-2268", "CVE-2005-2269", "CVE-2005-2270");
  script_xref(name:"USN", value:"155-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. (CAN-2005-1937)
It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like 'view-source:' or 'jar:'. (CAN-2005-1531)
A variant of the attack described in CAN-2005-1160 (see USN-124-1) was discovered. Additional checks were added to make sure JavaScript eval and script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them. (CAN-2005-1532)
In several places the browser user interface did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events genenerated by web content. This could be exploited by malicious websites to generate e. g. mouse clicks that install malicious plugins. Synthetic events are now prevented from reaching the browser UI entirely. (CAN-2005-2260)
Scripts in XBL controls from web content continued to be run even when JavaScript was disabled. This could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling JavaScript would protect them. (CAN-2005-2261)
Matthew Mastracci discovered a flaw in the addons installation launcher. By forcing a page navigation immediately after calling the install method a callback function could end up running in the context of the new page selected by the attacker. This callback script could steal data from the new page such as cookies or passwords, or perform actions on the user's behalf such as make a purchase if the user is already logged into the target site. However, the default settings allow only http://addons.mozilla.org to bring up this install dialog. This could only be exploited if users have added untrustworthy sites to the installation whitelist, and if a malicious site can convince you to install from their site. (CAN-2005-2263)
The function for version comparison in the addons installer did not properly verify the type of its argument. By passing specially crafted JavaScript objects to it, a malicious website could crash the browser and possibly even execute arbitrary code with the privilege of the user account Firefox runs in. (CAN-2005-2265)
A child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine. Andreas Sandblad discovered that the call is made in the context of the child frame. This could be exploited to steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user. However, websites with above properties are not very common. (CAN-2005-2266)
Alerts and prompts created by scripts in web pages were presented with the generic title [Javascript Application] which sometimes made it difficult to know which site created them. A malicious page could exploit this by causing a prompt to appear in front of a trusted site in an attempt to extract information such as passwords from the user. In the fixed version these prompts contain the hostname of the page which created it. (CAN-2005-2268)
The XHTML DOM node handler did not take namespaces into account when verifying node types based on their names. For example, an XHTML document could contain an <IMG> tag with malicious contents, which would then be processed as the standard trusted HTML <img> tag. By tricking an user to view malicious websites, this could be exploited to execute attacker-specified code with the full privileges of the user. (CAN-2005-2269)
It was discovered that some objects were not created appropriately. This allowed malicious web content scripts to trace back the creation chain until they found a privileged object and execute code with higher privileges than allowed by the current site. (CAN-2005-2270)
The update for Ubuntu 4.10 (Warty Warthog) also fixes several vulnerabilities which are not present in the Ubuntu 5.04 version. Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-41; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html).
We apologize for the huge delay of this update; we changed our update strategy for Mozilla products to make sure that such long delays will not happen again.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox compareTo() Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-chatzilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-mailnews");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-psm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"libnspr-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libnspr4", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libnss-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libnss3", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-browser", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-calendar", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-chatzilla", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-dom-inspector", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-js-debugger", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-mailnews", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"mozilla-psm", pkgver:"1.7.10-0ubuntu04.10")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnspr-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnspr4", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnss-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnss3", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-browser", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-calendar", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-chatzilla", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dom-inspector", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-js-debugger", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-mailnews", pkgver:"1.7.10-0ubuntu05.04")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-psm", pkgver:"1.7.10-0ubuntu05.04")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnspr-dev / libnspr4 / libnss-dev / libnss3 / mozilla / etc");
}
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2005-434.NASL
description: Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21939
published: 2006-07-05
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21939
title: CentOS 4 : firefox (CESA-2005:434)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:434 and
# CentOS Errata and Security Advisory 2005:434 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21939);
  script_version("1.21");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
  script_xref(name:"RHSA", value:"2005:434");

  script_name(english:"CentOS 4 : firefox (CESA-2005:434)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011737.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?017d4f4c"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011741.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2457c37c"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-May/011742.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?570c7fad"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-4", reference:"firefox-1.0.4-1.4.1.centos4")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
}
Oval
accepted: 2007-03-21T16:16:23.920-04:00
class: vulnerability
contributors:
- name: Robert L. Hollis, organization: ThreatGuard, Inc.
- name: Jonathan Baker, organization: The MITRE Corporation
- name: Matthew Wojcik, organization: The MITRE Corporation
- name: Matthew Wojcik, organization: The MITRE Corporation
- name: Anna Min, organization: BigFix, Inc
- name: Daniel Tarnu, organization: GFI Software
- name: Jonathan Baker, organization: The MITRE Corporation
- name: Jonathan Baker, organization: The MITRE Corporation
- name: Jonathan Baker, organization: The MITRE Corporation
- name: Jonathan Baker, organization: The MITRE Corporation
description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
family: windows
id: oval:org.mitre.oval:def:100015
status: accepted
submitted: 2005-08-16T04:00:00.000-04:00
title: Mozilla JavaScript Wrapping Vulnerability
version: 6

accepted: 2013-04-29T04:04:54.204-04:00
class: vulnerability
contributors:
- name: Aharon Chernin, organization: SCAP.com, LLC
- name: Dragos Prisaca, organization: G2, Inc.
definition_extensions:
- comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
- comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
- comment: The operating system installed on the system is Red Hat Enterprise Linux 4, oval: oval:org.mitre.oval:def:11831
- comment: CentOS Linux 4.x, oval: oval:org.mitre.oval:def:16636
- comment: Oracle Linux 4.x, oval: oval:org.mitre.oval:def:15990
description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
family: unix
id: oval:org.mitre.oval:def:10351
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
version: 26
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
- http://securitytracker.com/id?1013962
- http://securitytracker.com/id?1013963
- http://www.mozilla.org/security/announce/mfsa2005-43.html
- http://www.redhat.com/support/errata/RHSA-2005-434.html
- http://www.redhat.com/support/errata/RHSA-2005-435.html
- http://www.securityfocus.com/bid/13641
- http://www.securityfocus.com/bid/15495
- http://www.vupen.com/english/advisories/2005/0530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351