CVE-2005-1531 - Script Manager Security Bypass vulnerability in Mozilla Suite And Firefox

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

Nessus

  • NASL family: Windows
    NASL id: MOZILLA_FIREFOX_104.NASL
    description: The installed version of Firefox is earlier than 1.0.4. Such versions have multiple vulnerabilities that may allow arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18243
    published: 2005-05-12
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18243
    title: Firefox < 1.0.4 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if(description)
    {
     script_id(18243);
     script_version("1.28");
    
     script_cve_id(
      "CVE-2005-1476", 
      "CVE-2005-1477", 
      "CVE-2005-1531", 
      "CVE-2005-1532"
     );
     script_bugtraq_id(13544, 13641, 13645);
    
     script_name(english:"Firefox < 1.0.4 Multiple Vulnerabilities");
     script_summary(english:"Determines the version of Firefox");
    
     script_set_attribute( attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities." );
     script_set_attribute( attribute:"description",  value:
    "The installed version of Firefox is earlier than 1.0.4.  Such
    versions have multiple vulnerabilities that may allow arbitrary
    code execution." );
     script_set_attribute(
       attribute:"see_also",
       value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-42/"
     );
     script_set_attribute(
       attribute:"see_also",
       value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/"
     );
     script_set_attribute(
       attribute:"see_also",
       value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/"
     );
     script_set_attribute(
       attribute:"solution", 
       value:"Upgrade to Firefox 1.0.4 or later."
     );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
     script_cvs_date("Date: 2018/07/16 14:09:14");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
     script_dependencies("mozilla_org_installed.nasl");
     script_require_keys("Mozilla/Firefox/Version");
     exit(0);
    }
    
    #
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport"); 
    
    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");
    
    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'1.0.4', severity:SECURITY_HOLE);
    
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-435.NASL
    description: Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18388
    published: 2005-05-28
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18388
    title: RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:435. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18388);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
      script_xref(name:"RHSA", value:"2005:435");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : mozilla (RHSA-2005:435)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mozilla packages that fix various security bugs are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 24 May 2005] This erratum now includes updated devhelp
    packages which are required to satisfy a dependency on systems that
    have devhelp packages installed.
    
    Mozilla is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    Several bugs were found in the way Mozilla executes JavaScript code.
    JavaScript executed from a web page should run with a restricted
    access level, preventing dangerous actions. It is possible that a
    malicious web page could execute JavaScript code with elevated
    privileges, allowing access to protected data and functions. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and
    CVE-2005-1532 to these issues.
    
    Users of Mozilla are advised to upgrade to this updated package, which
    contains Mozilla version 1.7.8 to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1532"
      );
      # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:435"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:435";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.14-1.2.5")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.7.8-1.1.2.1")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.7.8-1.1.2.1")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"mozilla-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.7.8-1.1.3.1")) flag++;
      if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-0.9.2-2.4.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-chat-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-devel-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-dom-inspector-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-js-debugger-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-mail-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-nspr-devel-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-nss-1.7.8-1.4.1")) flag++;
      if (rpm_check(release:"RHEL4", reference:"mozilla-nss-devel-1.7.8-1.4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / galeon / mozilla / mozilla-chat / etc");
      }
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-134-1.NASL
    description: It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. If the target site is allowed to raise the install confirmation dialog in Firefox then this flaw even allowed the malicious site to execute arbitrary code with the privileges of the Firefox user. By default only the Mozilla Update site is allowed to attempt software installation; however, users can permit this for additional sites. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20525
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20525
    title: Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-134-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20525);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532");
      script_xref(name:"USN", value:"134-1");
    
      script_name(english:"Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-134-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that a malicious website could inject arbitrary
    scripts into a target site by loading it into a frame and navigating
    back to a previous JavaScript URL that contained an eval() call. This
    could be used to steal cookies or other confidential data from the
    target site. If the target site is allowed to raise the install
    confirmation dialog in Firefox then this flaw even allowed the
    malicious site to execute arbitrary code with the privileges of the
    Firefox user. By default only the Mozilla Update site is allowed to
    attempt software installation; however, users can permit this for
    additional sites. (MFSA 2005-42)
    
    Michael Krax, Georgi Guninski, and L. David Baron found that the
    security checks that prevent script injection could be bypassed by
    wrapping a javascript: url in another pseudo-protocol like
    'view-source:' or 'jar:'. (CAN-2005-1531)
    
    A variant of the attack described in CAN-2005-1160 (see USN-124-1) was
    discovered. Additional checks were added to make sure JavaScript eval
    and Script objects are run with the privileges of the context that
    created them, not the potentially elevated privilege of the context
    calling them. (CAN-2005-1532)
    
    Note: These flaws also apply to Ubuntu 5.04's Mozilla, and to the
    Ubuntu 4.10 versions of Firefox and Mozilla. These will be fixed soon.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox", pkgver:"1.0.2-0ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-dev", pkgver:"1.0.2-0ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-dom-inspector", pkgver:"1.0.2-0ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-firefox-gnome-support", pkgver:"1.0.2-0ubuntu5.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-firefox / mozilla-firefox-dev / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2005_030.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2005:030 (MozillaFirefox). This update upgrades Mozilla Firefox to version 1.0.4, fixing the following security problems: MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a remote attacker to execute arbitrary code with the help of a cross site scripting problem on the Mozilla website. The Mozilla website has been fixed so this is no real problem anymore. MFSA 2005-43/CVE-2005-1531: By causing a frame to navigate back to a previous javascript: URL an attacker can inject script into the forward site. This site can be controlled by the attacker allowing them to steal cookies or sensitive data from that page or to perform actions on behalf of that user. MFSA 2005-44/CVE-2005-1532: A variant of MFSA 2005-41 overrides properties on a non-DOM node and then substitutes that object for one chrome script will access. Most examples involved the attacker synthesizing an event targeted at a non-DOM node, and overriding standard DOM node properties such as type with references to eval() calls or Script() objects. The MFSA-2005-43 and MFSA-2005-44 flaws also affect the Mozilla Suite browsers. We are working on updates for those. Updated packages were already released on May 20th. We wanted to postpone the advisory until we have fixed packages for the Mozilla Suite, but these will take some more time.
    last seen: 2019-10-28
    modified: 2005-06-10
    plugin id: 18463
    published: 2005-06-10
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18463
    title: SUSE-SA:2005:030: MozillaFirefox
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:030
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(18463);
     script_version ("1.8");
     
     name["english"] = "SUSE-SA:2005:030: MozillaFirefox";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:030 (MozillaFirefox).
    
    
    This update upgrades Mozilla Firefox to version 1.0.4, fixing the
    following security problems:
    
    MFSA 2005-42:
    A problem in the install confirmation dialog together with a bad fix
    for MFSA 2005-41 allowed a remote attacker to execute arbitrary code
    with the help of a cross site scripting problem on the Mozilla website.
    
    The Mozilla website has been fixed so this is no real problem anymore.
    
    MFSA 2005-43/CVE-2005-1531:
    By causing a frame to navigate back to a previous javascript: URL an
    attacker can inject script into the forward site. This site can be
    controlled by the attacker allowing them to steal cookies or sensitive
    data from that page or to perform actions on behalf of that user.
    
    MFSA 2005-44/CVE-2005-1532:
    A variant of MFSA 2005-41 overrides properties on a non-DOM node and
    then substitutes that object for one chrome script will access. Most
    examples involved the attacker synthesizing an event targeted at a
    non-DOM node, and overriding standard DOM node properties such as
    type with references to eval() calls or Script() objects.
    
    The MFSA-2005-43 and MFSA-2005-44 flaws also affect the Mozilla
    Suite browsers. We are working on updates for those.
    
    Updated packages were already released on May 20th. We wanted to
    postpone the advisory until we have fixed packages for the Mozilla
    Suite, but these will take some more time." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_30_mozilla_firefox.html" );
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/10");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the MozillaFirefox package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"MozillaFirebird-1.0.4-2", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"MozillaFirefox-1.0.4-0.3", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"MozillaFirefox-1.0.4-1.1", release:"SUSE9.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"MozillaFirefox-1.0.4-1.1", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"MozillaFirefox-translations-1.0.4-1.1", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL family: Windows
    NASL id: MOZILLA_178.NASL
    description: The remote version of Mozilla contains various security issues that may allow an attacker to execute arbitrary code on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18244
    published: 2005-05-12
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18244
    title: Mozilla Browser < 1.7.8 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(18244);
     script_version("1.28");
    
     script_cve_id(
       "CVE-2005-1476", 
       "CVE-2005-1477", 
       "CVE-2005-1531", 
       "CVE-2005-1532"
     );
     script_bugtraq_id(13544, 13641, 13645);
    
     script_name(english:"Mozilla Browser < 1.7.8 Multiple Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "A web browser installed on the remote host contains multiple
    vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The remote version of Mozilla contains various security issues that
    may allow an attacker to execute arbitrary code on the remote host." );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-43/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2005-44/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Mozilla 1.7.8 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/12");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/07");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/05/11");
     script_cvs_date("Date: 2018/07/16 14:09:14");
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:mozilla");
     script_end_attributes();
    
     script_summary(english:"Determines the version of Mozilla");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
     script_dependencies("mozilla_org_installed.nasl");
     script_require_keys("Mozilla/Version");
     exit(0);
    }
    
    #
    
    include("misc_func.inc");
    
    
    ver = read_version_in_kb("Mozilla/Version");
    if (isnull(ver)) exit(0);
    
    if (
      ver[0] < 1 ||
      (
        ver[0] == 1 &&
        (
          ver[1] < 7 ||
          (ver[1] == 7 && ver[2] < 8)
        )
      )
    ) security_hole(get_kb_item("SMB/transport"));
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-149-3.NASL
    description: USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10 (Warty Warthog) is also vulnerable to these flaws, so it needs to be upgraded as well. Please see http://www.ubuntulinux.org/support/documentation/usn/usn-149-1 for the original advisory. This update also fixes several older vulnerabilities; Some of them could be exploited to execute arbitrary code with full user privileges if the user visited a malicious website. (MFSA-2005-01 to MFSA-2005-44; please see the following website for details: http://www.mozilla.org/projects/security/known-vulnerabilities.html) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20546
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20546
    title: Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-149-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20546);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2004-1156", "CVE-2004-1381", "CVE-2005-0141", "CVE-2005-0142", "CVE-2005-0143", "CVE-2005-0144", "CVE-2005-0145", "CVE-2005-0146", "CVE-2005-0147", "CVE-2005-0150", "CVE-2005-0230", "CVE-2005-0231", "CVE-2005-0232", "CVE-2005-0233", "CVE-2005-0255", "CVE-2005-0399", "CVE-2005-0401", "CVE-2005-0402", "CVE-2005-0578", "CVE-2005-0584", "CVE-2005-0585", "CVE-2005-0586", "CVE-2005-0587", "CVE-2005-0588", "CVE-2005-0589", "CVE-2005-0590", "CVE-2005-0591", "CVE-2005-0592", "CVE-2005-0593", "CVE-2005-0752", "CVE-2005-0989", "CVE-2005-1153", "CVE-2005-1154", "CVE-2005-1155", "CVE-2005-1156", "CVE-2005-1157", "CVE-2005-1158", "CVE-2005-1159", "CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532", "CVE-2005-1937", "CVE-2005-2260", "CVE-2005-2261", "CVE-2005-2262", "CVE-2005-2263", "CVE-2005-2264", "CVE-2005-2265", "CVE-2005-2266", "CVE-2005-2267", "CVE-2005-2268", "CVE-2005-2269", "CVE-2005-2270");
      script_xref(name:"USN", value:"149-3");
    
      script_name(english:"Ubuntu 4.10 : mozilla-firefox vulnerabilities (USN-149-3)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-149-1 fixed some vulnerabilities in the Ubuntu 5.04 (Hoary
    Hedgehog) version of Firefox. The version shipped with Ubuntu 4.10
    (Warty Warthog) is also vulnerable to these flaws, so it needs to be
    upgraded as well. Please see
    
    http://www.ubuntulinux.org/support/documentation/usn/usn-149-1
    
    for the original advisory.
    
    This update also fixes several older vulnerabilities; Some of them
    could be exploited to execute arbitrary code with full user privileges
    if the user visited a malicious website. (MFSA-2005-01 to
    MFSA-2005-44; please see the following website for details:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox compareTo() Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-nb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-locale-uk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox", pkgver:"1.0.6-0ubuntu0.0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-dom-inspector", pkgver:"1.0.6-0ubuntu0.0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-ca", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-de", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-es", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-fr", pkgver:"1.0-0ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-it", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-ja", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-nb", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-pl", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-tr", pkgver:"1.0-0ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-firefox-locale-uk", pkgver:"1.0-0ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-firefox / mozilla-firefox-dom-inspector / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-434.NASL
    description: Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18387
    published: 2005-05-28
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18387
    title: RHEL 4 : firefox (RHSA-2005:434)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:434. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18387);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
      script_xref(name:"RHSA", value:"2005:434");
    
      script_name(english:"RHEL 4 : firefox (RHSA-2005:434)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix various security bugs are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    Several bugs were found in the way Firefox executes JavaScript code.
    JavaScript executed from a web page should run with a restricted
    access level, preventing dangerous actions. It is possible that a
    malicious web page could execute JavaScript code with elevated
    privileges, allowing access to protected data and functions. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and
    CVE-2005-1532 to these issues.
    
    Please note that the effects of CVE-2005-1477 are mitigated by the
    default setup, which allows only the Mozilla Update site to attempt
    installation of Firefox extensions. The Mozilla Update site has been
    modified to prevent this attack from working. If other URLs have been
    manually added to the whitelist, it may be possible to execute this
    attack.
    
    Users of Firefox are advised to upgrade to this updated package which
    contains Firefox version 1.0.4 which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-1532"
      );
      # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:434"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:434";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-1.0.4-1.4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
      }
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-435.NASL
    description: Updated mozilla packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 24 May 2005] This erratum now includes updated devhelp packages which are required to satisfy a dependency on systems that have devhelp packages installed. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bugs were found in the way Mozilla executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21827
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21827
    title: CentOS 3 / 4 : mozilla (CESA-2005:435)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:435 and 
    # CentOS Errata and Security Advisory 2005:435 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21827);
      script_version("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
      script_xref(name:"RHSA", value:"2005:435");
    
      script_name(english:"CentOS 3 / 4 : mozilla (CESA-2005:435)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mozilla packages that fix various security bugs are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 24 May 2005] This erratum now includes updated devhelp
    packages which are required to satisfy a dependency on systems that
    have devhelp packages installed.
    
    Mozilla is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    Several bugs were found in the way Mozilla executes JavaScript code.
    JavaScript executed from a web page should run with a restricted
    access level, preventing dangerous actions. It is possible that a
    malicious web page could execute JavaScript code with elevated
    privileges, allowing access to protected data and functions. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and
    CVE-2005-1532 to these issues.
    
    Users of Mozilla are advised to upgrade to this updated package, which
    contains Mozilla version 1.7.8 to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011738.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?355b36ce"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011739.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad1530b3"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011743.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?408c0c61"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011744.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ff2a9392"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011750.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fb16e5d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011751.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?08b8ff13"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-chat-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-devel-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-dom-inspector-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-js-debugger-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-mail-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-nspr-devel-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-1.7.8-1.1.3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"mozilla-nss-devel-1.7.8-1.1.3.1.centos3")) flag++;
    
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.9.2-2.4.4.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.9.2-2.4.4.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-chat-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-devel-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-dom-inspector-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-js-debugger-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-mail-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-nspr-devel-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-1.7.8-1.4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mozilla-nss-devel-1.7.8-1.4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / mozilla / mozilla-chat / mozilla-devel / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-155-1.NASL
    description: Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. (CAN-2005-1937) It was discovered that a malicious website could inject arbitrary scripts into a target site by loading it into a frame and navigating back to a previous JavaScript URL that contained an eval() call. This could be used to steal cookies or other confidential data from the target site. (MFSA 2005-42) Michael Krax, Georgi Guninski, and L. David Baron found that the security checks that prevent script injection could be bypassed by wrapping a javascript: url in another pseudo-protocol like
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20556
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20556
    title: Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-155-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20556);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2004-0718", "CVE-2005-1160", "CVE-2005-1531", "CVE-2005-1532", "CVE-2005-1937", "CVE-2005-2260", "CVE-2005-2261", "CVE-2005-2263", "CVE-2005-2265", "CVE-2005-2266", "CVE-2005-2268", "CVE-2005-2269", "CVE-2005-2270");
      script_xref(name:"USN", value:"155-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Secunia.com reported that one of the recent security patches in
    Firefox reintroduced the frame injection patch that was originally
    known as CAN-2004-0718. This allowed a malicious website to spoof the
    contents of other websites. (CAN-2005-1937)
    
    It was discovered that a malicious website could inject arbitrary
    scripts into a target site by loading it into a frame and navigating
    back to a previous JavaScript URL that contained an eval() call. This
    could be used to steal cookies or other confidential data from the
    target site. (MFSA 2005-42)
    
    Michael Krax, Georgi Guninski, and L. David Baron found that the
    security checks that prevent script injection could be bypassed by
    wrapping a javascript: url in another pseudo-protocol like
    'view-source:' or 'jar:'. (CAN-2005-1531)
    
    A variant of the attack described in CAN-2005-1160 (see USN-124-1) was
    discovered. Additional checks were added to make sure JavaScript eval
    and script objects are run with the privileges of the context that
    created them, not the potentially elevated privilege of the context
    calling them. (CAN-2005-1532)
    
    In several places the browser user interface did not correctly
    distinguish between true user events, such as mouse clicks or
    keystrokes, and synthetic events generated by web content. This
    could be exploited by malicious websites to generate e.g. mouse
    clicks that install malicious plugins. Synthetic events are now
    prevented from reaching the browser UI entirely. (CAN-2005-2260)
    
    Scripts in XBL controls from web content continued to be run even when
    JavaScript was disabled. This could be combined with most script-based
    exploits to attack people running vulnerable versions who thought
    disabling JavaScript would protect them. (CAN-2005-2261)
    
    Matthew Mastracci discovered a flaw in the addons installation
    launcher. By forcing a page navigation immediately after calling the
    install method a callback function could end up running in the context
    of the new page selected by the attacker. This callback script could
    steal data from the new page such as cookies or passwords, or perform
    actions on the user's behalf such as make a purchase if the user is
    already logged into the target site. However, the default settings
    allow only http://addons.mozilla.org to bring up this install dialog.
    This could only be exploited if users have added untrustworthy sites
    to the installation whitelist, and if a malicious site can convince
    you to install from their site. (CAN-2005-2263)
    
    The function for version comparison in the addons installer did not
    properly verify the type of its argument. By passing specially crafted
    JavaScript objects to it, a malicious website could crash the browser
    and possibly even execute arbitrary code with the privilege of the
    user account Firefox runs in. (CAN-2005-2265)
    
    A child frame can call top.focus() even if the framing page comes from
    a different origin and has overridden the focus() routine. Andreas
    Sandblad discovered that the call is made in the context of the child
    frame. This could be exploited to steal cookies and passwords from the
    framed page, or take actions on behalf of a signed-in user. However,
    websites with above properties are not very common. (CAN-2005-2266)
    
    Alerts and prompts created by scripts in web pages were presented with
    the generic title [Javascript Application] which sometimes made it
    difficult to know which site created them. A malicious page could
    exploit this by causing a prompt to appear in front of a trusted site
    in an attempt to extract information such as passwords from the user.
    In the fixed version these prompts contain the hostname of the page
    which created it. (CAN-2005-2268)
    
    The XHTML DOM node handler did not take namespaces into account when
    verifying node types based on their names. For example, an XHTML
    document could contain an <IMG> tag with malicious contents, which
    would then be processed as the standard trusted HTML <img> tag. By
    tricking a user to view malicious websites, this could be exploited
    to execute attacker-specified code with the full privileges of the
    user. (CAN-2005-2269)
    
    It was discovered that some objects were not created appropriately.
    This allowed malicious web content scripts to trace back the creation
    chain until they found a privileged object and execute code with
    higher privileges than allowed by the current site. (CAN-2005-2270)
    
    The update for Ubuntu 4.10 (Warty Warthog) also fixes several
    vulnerabilities which are not present in the Ubuntu 5.04 version. Some
    of them could be exploited to execute arbitrary code with full user
    privileges if the user visited a malicious website. (MFSA-2005-01 to
    MFSA-2005-41; please see the following website for details:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html).
    We apologize for the huge delay of this update; we changed our update
    strategy for Mozilla products to make sure that such long delays will
    not happen again.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox compareTo() Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-calendar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-chatzilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-mailnews");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-psm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"libnspr-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libnspr4", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libnss-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libnss3", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-browser", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-calendar", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-chatzilla", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-dev", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-dom-inspector", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-js-debugger", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-mailnews", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"mozilla-psm", pkgver:"1.7.10-0ubuntu04.10")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libnspr-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libnspr4", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libnss-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libnss3", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-browser", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-calendar", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-chatzilla", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dev", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dom-inspector", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-js-debugger", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-mailnews", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"mozilla-psm", pkgver:"1.7.10-0ubuntu05.04")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnspr-dev / libnspr4 / libnss-dev / libnss3 / mozilla / etc");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-434.NASL
    description: Updated firefox packages that fix various security bugs are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox executes JavaScript code. JavaScript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute JavaScript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Please note that the effects of CVE-2005-1477 are mitigated by the default setup, which allows only the Mozilla Update site to attempt installation of Firefox extensions. The Mozilla Update site has been modified to prevent this attack from working. If other URLs have been manually added to the whitelist, it may be possible to execute this attack. Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.4 which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21939
    published: 2006-07-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21939
    title: CentOS 4 : firefox (CESA-2005:434)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:434 and 
    # CentOS Errata and Security Advisory 2005:434 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21939);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:02");
    
      script_cve_id("CVE-2005-1476", "CVE-2005-1477", "CVE-2005-1531", "CVE-2005-1532");
      script_xref(name:"RHSA", value:"2005:434");
    
      script_name(english:"CentOS 4 : firefox (CESA-2005:434)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix various security bugs are now
    available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    Several bugs were found in the way Firefox executes JavaScript code.
    JavaScript executed from a web page should run with a restricted
    access level, preventing dangerous actions. It is possible that a
    malicious web page could execute JavaScript code with elevated
    privileges, allowing access to protected data and functions. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and
    CVE-2005-1532 to these issues.
    
    Please note that the effects of CVE-2005-1477 are mitigated by the
    default setup, which allows only the Mozilla Update site to attempt
    installation of Firefox extensions. The Mozilla Update site has been
    modified to prevent this attack from working. If other URLs have been
    manually added to the whitelist, it may be possible to execute this
    attack.
    
    Users of Firefox are advised to upgrade to this updated package which
    contains Firefox version 1.0.4 which is not vulnerable to these
    issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011737.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?017d4f4c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011741.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2457c37c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-May/011742.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?570c7fad"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"firefox-1.0.4-1.4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    

Oval

  • accepted: 2007-03-21T16:16:23.920-04:00
    class: vulnerability
    contributors
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Matthew Wojcik
      organization: The MITRE Corporation
    • name: Anna Min
      organization: BigFix, Inc
    • name: Daniel Tarnu
      organization: GFI Software
    description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
    family: windows
    id: oval:org.mitre.oval:def:100015
    status: accepted
    submitted: 2005-08-16T04:00:00.000-04:00
    title: Mozilla JavaScript Wrapping Vulnerability
    version: 6
  • accepted: 2013-04-29T04:04:54.204-04:00
    class: vulnerability
    contributors
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
    family: unix
    id: oval:org.mitre.oval:def:10351
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
    version: 26

Redhat

advisories
  • rhsa
    id: RHSA-2005:434
  • rhsa
    id: RHSA-2005:435
rpms
  • firefox-0:1.0.4-1.4.1
  • firefox-debuginfo-0:1.0.4-1.4.1
  • devhelp-0:0.9.2-2.4.5
  • devhelp-debuginfo-0:0.9.2-2.4.5
  • devhelp-devel-0:0.9.2-2.4.5