Vulnerabilities > CVE-2006-3677 - Configuration vulnerability in Mozilla Firefox and Seamonkey

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
CWE-16
nessus
exploit available
metasploit

Summary

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Common Weakness Enumeration (CWE)

Exploit-Db

  • descriptionMozilla Firefox. CVE-2006-3677. Remote exploits for multiple platform
    idEDB-ID:2082
    last seen2016-01-31
    modified2006-07-28
    published2006-07-28
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/2082/
    titleMozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
  • descriptionMozilla Suite/Firefox < 1.5.0.5 Navigator Object Code Execution. CVE-2006-3677. Remote exploits for multiple platform
    idEDB-ID:9946
    last seen2016-02-01
    modified2006-07-25
    published2006-07-25
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/9946/
    titleMozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution
  • descriptionMozilla Suite/Firefox Navigator Object Code Execution. CVE-2006-3677. Remote exploits for multiple platform
    idEDB-ID:16300
    last seen2016-02-01
    modified2010-09-20
    published2010-09-20
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16300/
    titleMozilla Suite/Firefox Navigator Object Code Execution

Metasploit

descriptionThis module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
idMSF:EXPLOIT/MULTI/BROWSER/MOZILLA_NAVIGATORJAVA
last seen2019-12-03
modified2017-07-24
published2006-09-17
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/mozilla_navigatorjava.rb
titleMozilla Suite/Firefox Navigator Object Code Execution

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0608.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22162
    published2006-08-07
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22162
    titleCentOS 3 : seamonkey (CESA-2006:0608)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0608 and 
    # CentOS Errata and Security Advisory 2006:0608 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22162);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0608");
    
      script_name(english:"CentOS 3 : seamonkey (CESA-2006:0608)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    SeaMonkey is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way SeaMonkey
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    SeaMonkey. (CVE-2006-3801, CVE-2006-3677, CVE-2006-3113,
    CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)
    
    A buffer overflow flaw was found in the way SeaMonkey Messenger
    displayed malformed inline vcard attachments. If a victim viewed an
    email message containing a carefully crafted vcard, it was possible to
    execute arbitrary code as the user running SeaMonkey Messenger.
    (CVE-2006-3804)
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A flaw was found in the way SeaMonkey processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    Users of SeaMonkey are advised to upgrade to this update, which
    contains SeaMonkey version 1.0.3 that corrects these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013115.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?46fc1784"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013123.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?49c91b51"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013124.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a782cb4c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.3-0.el3.1.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.3-0.el3.1.centos3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0609.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22163
    published2006-08-07
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22163
    titleCentOS 4 : seamonkey (CESA-2006:0609)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0609 and 
    # CentOS Errata and Security Advisory 2006:0609 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22163);
      script_version("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2781", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3804", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0609");
    
      script_name(english:"CentOS 4 : seamonkey (CESA-2006:0609)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security bugs in the
    mozilla package are now available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    SeaMonkey is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    The Mozilla Foundation has discontinued support for the Mozilla Suite.
    This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4
    in favor of the supported SeaMonkey Suite.
    
    This update also resolves a number of outstanding Mozilla security
    issues :
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way SeaMonkey
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    SeaMonkey. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801,
    CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805,
    CVE-2006-3806, CVE-2006-3811)
    
    Two flaws were found in the way SeaMonkey-mail displayed malformed
    inline vcard attachments. If a victim viewed an email message
    containing a carefully crafted vcard it was possible to execute
    arbitrary code as the user running Mozilla-mail. (CVE-2006-2781,
    CVE-2006-3804)
    
    A cross-site scripting flaw was found in the way SeaMonkey processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way SeaMonkey processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way SeaMonkey handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way SeaMonkey called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way SeaMonkey
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way SeaMonkey processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Mozilla.
    (CVE-2006-2788)
    
    Users of Mozilla are advised to upgrade to this update, which contains
    SeaMonkey version 1.0.3 that corrects these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013116.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?328dac8f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013117.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5187bc75"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013126.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c986fe5f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.2.el4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.3-0.el4.1.centos4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.3-0.el4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0610.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22137
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22137
    titleCentOS 4 : Firefox (CESA-2006:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0610 and 
    # CentOS Errata and Security Advisory 2006:0610 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22137);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0610");
    
      script_name(english:"CentOS 4 : Firefox (CESA-2006:0610)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    The Mozilla Foundation has discontinued support for the Mozilla
    Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0
    branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla
    Firefox 1.5 branch.
    
    This update also resolves a number of outstanding Firefox security
    issues :
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way Firefox
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677,
    CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806,
    CVE-2006-3811)
    
    A cross-site scripting flaw was found in the way Firefox processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way Firefox handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way Firefox called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way Firefox
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way Firefox processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Firefox.
    (CVE-2006-2788)
    
    Users of Firefox are advised to upgrade to this update, which contains
    Firefox version 1.5.0.5 that corrects these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013071.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?944d3248"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013072.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2fc400b0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013084.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?deef7c43"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"firefox-1.5.0.5-0.el4.1.centos4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-327-1.NASL
    descriptionVarious flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812) cross-site scripting vulnerabilities were found in the XPCNativeWrapper() function and native DOM method handlers. A malicious website could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-3802, CVE-2006-3810) A bug was found in the script handler for automatic proxy configuration. A malicious proxy could send scripts which could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id27905
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27905
    titleUbuntu 6.06 LTS : firefox vulnerabilities (USN-327-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-327-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27905);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812", "CVE-2007-1794");
      script_xref(name:"USN", value:"327-1");
    
      script_name(english:"Ubuntu 6.06 LTS : firefox vulnerabilities (USN-327-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various flaws have been reported that allow an attacker to execute
    arbitrary code with user privileges by tricking the user into opening
    a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801,
    CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807,
    CVE-2006-3809, CVE-2006-3811, CVE-2006-3812)
    
    cross-site scripting vulnerabilities were found in the
    XPCNativeWrapper() function and native DOM method handlers. A
    malicious website could exploit these to modify the contents or steal
    confidential data (such as passwords) from other opened web pages.
    (CVE-2006-3802, CVE-2006-3810)
    
    A bug was found in the script handler for automatic proxy
    configuration. A malicious proxy could send scripts which could
    execute arbitrary code with the user's privileges. (CVE-2006-3808)
    
    Please see 
    
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Fi
    refox
    
    for technical details of these vulnerabilities.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/327-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox-gnome-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-firefox-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"firefox", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"firefox-dbg", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"firefox-dev", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"firefox-dom-inspector", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"firefox-gnome-support", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libnspr-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libnspr4", pkgver:"1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libnss-dev", pkgver:"1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libnss3", pkgver:"1.firefox1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-firefox-dev", pkgver:"1.5.dfsg+1.5.0.5-0ubuntu6.06")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-dbg / firefox-dev / firefox-dom-inspector / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0610.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. The Mozilla Foundation has discontinued support for the Mozilla Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox 1.5 branch. This update also resolves a number of outstanding Firefox security issues : Several flaws were found in the way Firefox processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22121
    published2006-07-29
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22121
    titleRHEL 4 : firefox (RHSA-2006:0610)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0610. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22121);
      script_version ("1.29");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-2776", "CVE-2006-2778", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-2782", "CVE-2006-2783", "CVE-2006-2784", "CVE-2006-2785", "CVE-2006-2786", "CVE-2006-2787", "CVE-2006-2788", "CVE-2006-3113", "CVE-2006-3677", "CVE-2006-3801", "CVE-2006-3802", "CVE-2006-3803", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3810", "CVE-2006-3811", "CVE-2006-3812");
      script_xref(name:"RHSA", value:"2006:0610");
    
      script_name(english:"RHEL 4 : firefox (RHSA-2006:0610)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    The Mozilla Foundation has discontinued support for the Mozilla
    Firefox 1.0 branch. This update deprecates the Mozilla Firefox 1.0
    branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla
    Firefox 1.5 branch.
    
    This update also resolves a number of outstanding Firefox security
    issues :
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787,
    CVE-2006-3807, CVE-2006-3809, CVE-2006-3812)
    
    Several denial of service flaws were found in the way Firefox
    processed certain web content. A malicious web page could crash the
    browser or possibly execute arbitrary code as the user running
    Firefox. (CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677,
    CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806,
    CVE-2006-3811)
    
    A cross-site scripting flaw was found in the way Firefox processed
    Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious
    web page could execute a script within the browser that a web input
    sanitizer could miss due to a malformed 'script' tag. (CVE-2006-2783)
    
    Several flaws were found in the way Firefox processed certain
    JavaScript actions. A malicious web page could conduct a cross-site
    scripting attack or steal sensitive information (such as cookies owned
    by other domains). (CVE-2006-3802, CVE-2006-3810)
    
    A form file upload flaw was found in the way Firefox handled
    JavaScript input object mutation. A malicious web page could upload an
    arbitrary local file at form submission time without user interaction.
    (CVE-2006-2782)
    
    A denial of service flaw was found in the way Firefox called the
    crypto.signText() JavaScript function. A malicious web page could
    crash the browser if the victim had a client certificate loaded.
    (CVE-2006-2778)
    
    Two HTTP response smuggling flaws were found in the way Firefox
    processed certain invalid HTTP response headers. A malicious website
    could return specially crafted HTTP response headers which may bypass
    HTTP proxy restrictions. (CVE-2006-2786)
    
    A flaw was found in the way Firefox processed Proxy AutoConfig
    scripts. A malicious Proxy AutoConfig server could execute arbitrary
    JavaScript instructions with the permissions of 'chrome', allowing the
    page to steal sensitive information or install browser malware.
    (CVE-2006-3808)
    
    A double free flaw was found in the way the nsIX509::getRawDER method
    was called. If a victim visited a carefully crafted web page, it was
    possible to execute arbitrary code as the user running Firefox.
    (CVE-2006-2788)
    
    Users of Firefox are advised to upgrade to this update, which contains
    Firefox version 1.5.0.5 that corrects these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3801"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-3812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0610"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mozilla Suite/Firefox Navigator Object Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 94, 119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0610";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.5-0.el4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0594.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla packages are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 2.1 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22291
    published2006-08-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22291
    titleRHEL 2.1 : seamonkey (RHSA-2006:0594)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-1981.NASL
    descriptionThis security update brings Mozilla Firefox to version 1.5.0.6. Note that on SUSE Linux 9.2, 9.3 and 10.0 this is a major version upgrade, please check if your manually installed extensions and plugins are still working. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away, and he demonstrated that this pointer to a deleted object could be used to execute native code supplied by the attacker. - CVE-2006-3677/MFSA 2006-45: JavaScript navigator Object Vulnerability An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker. - CVE-2006-3113/MFSA 2006-46: Memory corruption with simultaneous events Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user
    last seen2020-06-01
    modified2020-06-02
    plugin id27113
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27113
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1981)
  • NASL familyWindows
    NASL idSEAMONKEY_103.NASL
    descriptionThe installed version of SeaMonkey contains various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id22097
    published2006-07-27
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22097
    titleSeaMonkey < 1.0.3 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200608-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200608-03 (Mozilla Firefox: Multiple vulnerabilities) The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL
    last seen2020-06-01
    modified2020-06-02
    plugin id22145
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22145
    titleGLSA-200608-03 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0609.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in favor of the supported SeaMonkey Suite. This update also resolves a number of outstanding Mozilla security issues : Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22150
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22150
    titleRHEL 4 : seamonkey (RHSA-2006:0609)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0735.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Users of Thunderbird are advised to upgrade to this update, which contains Thunderbird version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0735 : Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-5464) A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0677 : Two flaws were found in the way Thunderbird processed certain regular expressions. A malicious HTML email could cause a crash or possibly execute arbitrary code as the user running Thunderbird. (CVE-2006-4565, CVE-2006-4566) A flaw was found in the Thunderbird auto-update verification system. An attacker who has the ability to spoof a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67424
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67424
    titleOracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0608.NASL
    descriptionUpdated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain JavaScript actions. A malicious web page could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22114
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22114
    titleRHEL 3 : seamonkey (RHSA-2006:0608)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E2A926641D6011DB88CF000C6EC775D9.NASL
    descriptionA Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-56 chrome: scheme loading remote content - MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...) - MFSA 2006-53 UniversalBrowserRead privilege escalation - MFSA 2006-52 PAC privilege escalation using Function.prototype.call - MFSA 2006-51 Privilege escalation using named-functions and redefined
    last seen2020-06-01
    modified2020-06-02
    plugin id22105
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22105
    titleFreeBSD : mozilla -- multiple vulnerabilities (e2a92664-1d60-11db-88cf-000c6ec775d9)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-1952.NASL
    descriptionThis security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away, and he demonstrated that this pointer to a deleted object could be used to execute native code supplied by the attacker. - CVE-2006-3677/MFSA 2006-45: JavaScript navigator Object Vulnerability An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker. - CVE-2006-3113/MFSA 2006-46: Memory corruption with simultaneous events Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user
    last seen2020-06-01
    modified2020-06-02
    plugin id27435
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27435
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-1952)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200608-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200608-02 (Mozilla SeaMonkey: Multiple vulnerabilities) The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL
    last seen2020-06-01
    modified2020-06-02
    plugin id22144
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22144
    titleGLSA-200608-02 : Mozilla SeaMonkey: Multiple vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1505.NASL
    descriptionThe installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id22095
    published2006-07-27
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22095
    titleFirefox < 1.5.0.5 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2006-0733.NASL
    descriptionUpdated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.8 that corrects these issues. From Red Hat Security Advisory 2006:0733 : Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747, CVE-2006-5748) Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox. (CVE-2006-5464) A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete (CVE-2006-5462) From Red Hat Security Advisory 2006:0675 : Two flaws were found in the way Firefox processed certain regular expressions. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4565, CVE-2006-4566) A number of flaws were found in Firefox. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4571) A flaw was found in the handling of Javascript timed events. A malicious web page could crash the browser or possibly execute arbitrary code as the user running Firefox. (CVE-2006-4253) Daniel Bleichenbacher recently described an implementation error in RSA signature verification. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim. (CVE-2006-4340) A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id67422
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67422
    titleOracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0611.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22122
    published2006-07-29
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22122
    titleRHEL 4 : thunderbird (RHSA-2006:0611)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-1960.NASL
    descriptionThis security update brings Mozilla Firefox to version 1.5.0.6. More details can be found on: http://www.mozilla.org/projects/security/known-vulnerabiliti es.html It includes fixes to the following security problems : - Code execution through deleted frame reference. (CVE-2006-3801 / MFSA 2006-44) Thilo Girmann discovered that in certain circumstances a JavaScript reference to a frame or window was not properly cleared when the referenced content went away, and he demonstrated that this pointer to a deleted object could be used to execute native code supplied by the attacker. - JavaScript navigator Object Vulnerability. (CVE-2006-3677 / MFSA 2006-45) An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker. - Memory corruption with simultaneous events. (CVE-2006-3113 / MFSA 2006-46) Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user
    last seen2020-06-01
    modified2020-06-02
    plugin id29354
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29354
    titleSuSE 10 Security Update : Firefox (ZYPP Patch Number 1960)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-143.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features. The following CVE names have been corrected with this update: CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. Update : The previous language packages were not correctly tagged for the new Firefox which resulted in many of them not loading properly. These updated language packages correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id23892
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23892
    titleMandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0611.NASL
    descriptionUpdated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation has discontinued support for the Mozilla Thunderbird 1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird 1.5 branch. This update also resolves a number of outstanding Thunderbird security issues : Several flaws were found in the way Thunderbird processed certain JavaScript actions. A malicious mail message could execute arbitrary JavaScript instructions with the permissions of
    last seen2020-06-01
    modified2020-06-02
    plugin id22138
    published2006-08-04
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22138
    titleCentOS 4 : thunderbird (CESA-2006:0611)

Oval

accepted2013-04-29T04:08:18.435-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
familyunix
idoval:org.mitre.oval:def:10745
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
version26

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82262/mozilla_navigatorjava.rb.txt
idPACKETSTORM:82262
last seen2016-12-05
published2009-10-27
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/82262/Mozilla-Suite-Firefox-Navigator-Object-Code-Execution.html
titleMozilla Suite/Firefox Navigator Object Code Execution

Redhat

advisories
  • rhsa
    idRHSA-2006:0594
  • rhsa
    idRHSA-2006:0608
  • rhsa
    idRHSA-2006:0609
  • rhsa
    idRHSA-2006:0610
  • rhsa
    idRHSA-2006:0611
rpms
  • seamonkey-0:1.0.3-0.el3.1
  • seamonkey-chat-0:1.0.3-0.el3.1
  • seamonkey-debuginfo-0:1.0.3-0.el3.1
  • seamonkey-devel-0:1.0.3-0.el3.1
  • seamonkey-dom-inspector-0:1.0.3-0.el3.1
  • seamonkey-js-debugger-0:1.0.3-0.el3.1
  • seamonkey-mail-0:1.0.3-0.el3.1
  • seamonkey-nspr-0:1.0.3-0.el3.1
  • seamonkey-nspr-devel-0:1.0.3-0.el3.1
  • seamonkey-nss-0:1.0.3-0.el3.1
  • seamonkey-nss-devel-0:1.0.3-0.el3.1
  • devhelp-0:0.10-0.2.el4
  • devhelp-debuginfo-0:0.10-0.2.el4
  • devhelp-devel-0:0.10-0.2.el4
  • seamonkey-0:1.0.3-0.el4.1
  • seamonkey-chat-0:1.0.3-0.el4.1
  • seamonkey-debuginfo-0:1.0.3-0.el4.1
  • seamonkey-devel-0:1.0.3-0.el4.1
  • seamonkey-dom-inspector-0:1.0.3-0.el4.1
  • seamonkey-js-debugger-0:1.0.3-0.el4.1
  • seamonkey-mail-0:1.0.3-0.el4.1
  • firefox-0:1.5.0.5-0.el4.1
  • firefox-debuginfo-0:1.5.0.5-0.el4.1
  • thunderbird-0:1.5.0.5-0.el4.1
  • thunderbird-debuginfo-0:1.5.0.5-0.el4.1

Saint

bid19192
descriptionMozilla Firefox JavaScript Navigator object vulnerability
idweb_client_firefox
osvdb27559
titlefirefox_navigator
typeclient

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:63754
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-63754
    titleMozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:5225
    last seen2017-11-19
    modified2006-10-24
    published2006-10-24
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-5225
    titleMozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:16318
    last seen2017-11-19
    modified2006-07-28
    published2006-07-28
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-16318
    titleMozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC

References