Vulnerabilities > CVE-2006-2785 - Unspecified vulnerability in Mozilla Firefox

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mozilla
nessus

Summary

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0609.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22163
    published2006-08-07
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22163
    titleCentOS 4 : seamonkey (CESA-2006:0609)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0609 and 
    # CentOS Errata and Security Advisory 2006:0609 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22163);
      script_version("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2781", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0609");
    
      script_name(english:"CentOS 4 : seamonkey (CESA-2006:0609)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security bugs in the
    mozilla package are now available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    SeaMonkey is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    The Mozilla Foundation has discontinued support for the Mozilla Suite.
    This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4
    in favor of the supported SeaMonkey Suite.
    
    This update also resolves a number of outstanding Mozilla security
    issues :
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way SeaMonkey
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801,
    CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805,
    CVE-2006-3806, CVE-2006-3811)
    
    Two flaws were found in the way SeaMonkey-mail displayed malformed
    inline vcard attachments. If a victim viewed an email message
    containing a carefully crafted vcard it was possible to execute
    arbitrary code as the user running Mozilla-mail. (CVE-2006-2781,
    CVE-2006-3804)
    
    A cross-site scripting flaw was found in the way SeaMonkey processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way SeaMonkey handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way SeaMonkey called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way SeaMonkey
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way SeaMonkey processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Mozilla.
    (CVE-2006-2788)
    
    Users of Mozilla are advised to upgrade to this update, which contains
    SeaMonkey version 1.0.3 that corrects these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013116.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?328dac8f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013117.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5187bc75"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013126.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c986fe5f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.3-0.el4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0610.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22137
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22137
    titleCentOS 4 : Firefox (CESA-2006:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0610 and 
    # CentOS Errata and Security Advisory 2006:0610 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22137);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0610");
    
      script_name(english:"CentOS 4 : Firefox (CESA-2006:0610)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    The Mozilla Foundation has discontinued support for the Mozilla
    Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0
    branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla
    Firefox 1.5 branch.
    
    This update also resolves a number of outstanding Firefox security
    issues :
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way Firefox
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677,
    CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806,
    CVE-2006-3811)
    
    A cross-site scripting flaw was found in the way Firefox processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way Firefox handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way Firefox called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way Firefox
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way Firefox processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Firefox.
    (CVE-2006-2788)
    
    Users of Firefox are advised to upgrade to this update, which contains
    Firefox version 1.5.0.5 that corrects these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013071.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?944d3248"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013072.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fc400b0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013084.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?deef7c43"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"firefox-1.5.0.5-0.el4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyWindows
    NASL idSEAMONKEY_102.NASL
    descriptionThe installed version of SeaMonkey contains various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id21629
    published2006-06-03
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21629
    titleSeaMonkey < 1.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21629);
      script_version("1.25");
      script_cvs_date("Date: 2018/07/27 18:38:15");
    
      script_cve_id("CVE-2006-1942", "CVE-2006-2775", "CVE-2006-2776", "CVE-2006-2777",
                    "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2781",
                    "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2785", "CVE-2006-2786", 
                    "CVE-2006-2787");
      script_bugtraq_id(18228);
    
      script_name(english:"SeaMonkey < 1.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
      script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is prone to multiple flaws." );
      script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey contains various security issues,
    some of which could lead to execution of arbitrary code on the affected
    host subject to the user's privileges." );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-31/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-32/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-33/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-34/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-35/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-37/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-38/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-39/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-40/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-41/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-42/" );
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-43/" );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 1.0.2 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 94, 119);
      script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/03");
      script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/05");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
     
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.0.2', severity:SECURITY_HOLE);
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1118.NASL
    descriptionSeveral security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and
    last seen2020-06-01
    modified2020-06-02
    plugin id22660
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22660
    titleDebian DSA-1118-1 : mozilla - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1118. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22660);
      script_version("1.28");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-1942", "CVE-2006-2775", "CVE-2006-2776", "CVE-2006-2777", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2781", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787");
      script_bugtraq_id(18228);
      script_xref(name:"CERT", value:"237257");
      script_xref(name:"CERT", value:"243153");
      script_xref(name:"CERT", value:"421529");
      script_xref(name:"CERT", value:"466673");
      script_xref(name:"CERT", value:"575969");
      script_xref(name:"DSA", value:"1118");
    
      script_name(english:"Debian DSA-1118-1 : mozilla - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security related problems have been discovered in Mozilla. The
    Common Vulnerabilities and Exposures project identifies the following
    vulnerabilities :
    
      - CVE-2006-1942
        Eric Foley discovered that a user can be tricked to
        expose a local file to a remote attacker by displaying a
        local file as image in connection with other
        vulnerabilities. [MFSA-2006-39]
    
      - CVE-2006-2775
        XUL attributes are associated with the wrong URL under
        certain circumstances, which might allow remote
        attackers to bypass restrictions. [MFSA-2006-35]
    
      - CVE-2006-2776
        Paul Nickerson discovered that content-defined setters
        on an object prototype were getting called by privileged
        user interface code, and 'moz_bug_r_a4' demonstrated
        that the higher privilege level could be passed along to
        the content-defined attack code. [MFSA-2006-37]
    
      - CVE-2006-2777
        A vulnerability allows remote attackers to execute
        arbitrary code and create notifications that are
        executed in a privileged context. [MFSA-2006-43]
    
      - CVE-2006-2778
        Mikolaj Habryn discovered a buffer overflow in the
        crypto.signText function that allows remote attackers to
        execute arbitrary code via certain optional Certificate
        Authority name arguments. [MFSA-2006-38]
    
      - CVE-2006-2779
        Mozilla team members discovered several crashes during
        testing of the browser engine showing evidence of memory
        corruption which may also lead to the execution of
        arbitrary code. This problem has only partially been
        corrected. [MFSA-2006-32]
    
      - CVE-2006-2780
        An integer overflow allows remote attackers to cause a
        denial of service and may permit the execution of
        arbitrary code. [MFSA-2006-32]
    
      - CVE-2006-2781
        Masatoshi Kimura discovered a double-free vulnerability
        that allows remote attackers to cause a denial of
        service and possibly execute arbitrary code via a VCard.
        [MFSA-2006-40]
    
      - CVE-2006-2782
        Chuck McAuley discovered that a text input box can be
        pre-filled with a filename and then turned into a
        file-upload control, allowing a malicious website to
        steal any local file whose name they can guess.
        [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]
    
      - CVE-2006-2783
        Masatoshi Kimura discovered that the Unicode
        Byte-order-Mark (BOM) is stripped from UTF-8 pages
        during the conversion to Unicode before the parser sees
        the web page, which allows remote attackers to conduct
        cross-site scripting (XSS) attacks. [MFSA-2006-42]
    
      - CVE-2006-2784
        Paul Nickerson discovered that the fix for CVE-2005-0752
        can be bypassed using nested javascript: URLs, allowing
        the attacker to execute privileged code. [MFSA-2005-34,
        MFSA-2006-36]
    
      - CVE-2006-2785
        Paul Nickerson demonstrated that if an attacker could
        convince a user to right-click on a broken image and
        choose 'View Image' from the context menu then he could
        get JavaScript to run. [MFSA-2006-34]
    
      - CVE-2006-2786
        Kazuho Oku discovered that Mozilla's lenient handling of
        HTTP header syntax may allow remote attackers to trick
        the browser to interpret certain responses as if they
        were responses from two different sites. [MFSA-2006-33]
    
      - CVE-2006-2787
        The Mozilla researcher 'moz_bug_r_a4' discovered that
        JavaScript run via EvalInSandbox can escape the sandbox
        and gain elevated privilege. [MFSA-2006-31]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2777"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-1729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2005-0752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-2787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1118"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the Mozilla packages.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.7.8-1sarge7.1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mozilla");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libnspr-dev", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"libnspr4", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"libnss-dev", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"libnss3", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-browser", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-calendar", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-chatzilla", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-dev", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-dom-inspector", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-js-debugger", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-mailnews", reference:"1.7.8-1sarge7.1")) flag++;
    if (deb_check(release:"3.1", prefix:"mozilla-psm", reference:"1.7.8-1sarge7.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0610.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22121
    published2006-07-29
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22121
    titleRHEL 4 : firefox (RHSA-2006:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0610. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22121);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0610");
    
      script_name(english:"RHEL 4 : firefox (RHSA-2006:0610)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    The Mozilla Foundation has discontinued support for the Mozilla
    Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0
    branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla
    Firefox 1.5 branch.
    
    This update also resolves a number of outstanding Firefox security
    issues :
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way Firefox
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677,
    CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806,
    CVE-2006-3811)
    
    A cross-site scripting flaw was found in the way Firefox processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way Firefox handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way Firefox called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way Firefox
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way Firefox processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Firefox.
    (CVE-2006-2788)
    
    Users of Firefox are advised to upgrade to this update, which contains
    Firefox version 1.5.0.5 that corrects these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3801"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0610"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0610";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.5-0.el4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0594.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla packages are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 2.1 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22291
    published2006-08-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22291
    titleRHEL 2.1 : seamonkey (RHSA-2006:0594)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0578.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 3 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way Mozilla processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22088
    published2006-07-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22088
    titleRHEL 3 : seamonkey (RHSA-2006:0578)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1120.NASL
    descriptionSeveral security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and
    last seen2020-06-01
    modified2020-06-02
    plugin id22662
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22662
    titleDebian DSA-1120-1 : mozilla-firefox - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-1585.NASL
    descriptionThis updates fixes several security problems in the Mozilla Firefox 1.5 browser and brings it up to 1.5.0.4 bugfix level. The full list is at: http://www.mozilla.org/projects/security/known-vulnerabilities.html#fi refox1.5.0.4 MFSA 2006-31/CVE-2006-2787: EvalInSandbox allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox. MFSA 2006-32/CVE-2006-2780: An Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
    last seen2020-06-01
    modified2020-06-02
    plugin id27112
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27112
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1585)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1504.NASL
    descriptionThe installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id21627
    published2006-06-03
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21627
    titleFirefox < 1.5.0.4 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-296-1.NASL
    descriptionJonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27868
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27868
    titleUbuntu 6.06 LTS : firefox vulnerabilities (USN-296-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0609.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22150
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22150
    titleRHEL 4 : seamonkey (RHSA-2006:0609)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0735.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0735 : Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0677 : Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67424
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67424
    titleOracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200606-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200606-12 (Mozilla Firefox: Multiple vulnerabilities) A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact : By enticing the user to visit a malicious website, a remote attacker can inject arbitrary HTML and JavaScript Code into the user
    last seen2020-06-01
    modified2020-06-02
    plugin id21705
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21705
    titleGLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0733.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0733 : Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0675 : Two flaws were found in the way Firefox processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4571) A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67422
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67422
    titleOracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-296-2.NASL
    descriptionUSN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06 LTS release. This update provides the corresponding fixes for Ubuntu 5.04 and Ubuntu 5.10. For reference, these are the details of the original USN : Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27869
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27869
    titleUbuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1134.NASL
    descriptionSeveral security related problems have been discovered in Mozilla which are also present in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as image in connection with other vulnerabilities. [MFSA-2006-39] - CVE-2006-2775 XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35] - CVE-2006-2776 Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and
    last seen2020-06-01
    modified2020-06-02
    plugin id22676
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22676
    titleDebian DSA-1134-1 : mozilla-thunderbird - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0611.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22122
    published2006-07-29
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22122
    titleRHEL 4 : thunderbird (RHSA-2006:0611)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-323-1.NASL
    descriptionJonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged UI code. It was demonstrated that this could be exploited to run arbitrary web script with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar attack was discovered by moz_bug_r_a4 that leveraged SelectionObject notifications that were called in privileged context. (MFSA 2006-43, CVE-2006-2777) Mikolaj Habryn discovered a buffer overflow in the crypto.signText() function. By tricking a user to visit a site with an SSL certificate with specially crafted optional Certificate Authority name arguments, this could potentially be exploited to execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27901
    published2007-11-10
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27901
    titleUbuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-143.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. Update : The previous language packages were not correctly tagged for the new Firefox which resulted in many of them not loading properly. These updated language packages correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id23892
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23892
    titleMandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0611.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22138
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22138
    titleCentOS 4 : thunderbird (CESA-2006:0611)

Oval

accepted2013-04-29T04:06:35.090-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionCross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
familyunix
idoval:org.mitre.oval:def:10545
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleCross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
version26

Redhat

advisories
  • rhsa
    idRHSA-2006:0578
  • rhsa
    idRHSA-2006:0594
  • rhsa
    idRHSA-2006:0609
  • rhsa
    idRHSA-2006:0610
  • rhsa
    idRHSA-2006:0611
rpms
  • seamonkey-0:1.0.2-0.1.0.EL3
  • seamonkey-chat-0:1.0.2-0.1.0.EL3
  • seamonkey-debuginfo-0:1.0.2-0.1.0.EL3
  • seamonkey-devel-0:1.0.2-0.1.0.EL3
  • seamonkey-dom-inspector-0:1.0.2-0.1.0.EL3
  • seamonkey-js-debugger-0:1.0.2-0.1.0.EL3
  • seamonkey-mail-0:1.0.2-0.1.0.EL3
  • seamonkey-nspr-0:1.0.2-0.1.0.EL3
  • seamonkey-nspr-devel-0:1.0.2-0.1.0.EL3
  • seamonkey-nss-0:1.0.2-0.1.0.EL3
  • seamonkey-nss-devel-0:1.0.2-0.1.0.EL3
  • devhelp-0:0.10-0.2.el4
  • devhelp-debuginfo-0:0.10-0.2.el4
  • devhelp-devel-0:0.10-0.2.el4
  • seamonkey-0:1.0.3-0.el4.1
  • seamonkey-chat-0:1.0.3-0.el4.1
  • seamonkey-debuginfo-0:1.0.3-0.el4.1
  • seamonkey-devel-0:1.0.3-0.el4.1
  • seamonkey-dom-inspector-0:1.0.3-0.el4.1
  • seamonkey-js-debugger-0:1.0.3-0.el4.1
  • seamonkey-mail-0:1.0.3-0.el4.1
  • firefox-0:1.5.0.5-0.el4.1
  • firefox-debuginfo-0:1.5.0.5-0.el4.1
  • thunderbird-0:1.5.0.5-0.el4.1
  • thunderbird-debuginfo-0:1.5.0.5-0.el4.1

References