CVE-2007-1562 - Information Exposure vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values: The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting: An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently), it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible): An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting: An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction: This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Exploit-Db
description | Mozilla FireFox 1.5.x/2.0 FTP PASV Port-Scanning Vulnerability. CVE-2007-1562. Remote exploit for linux platform |
id | EDB-ID:29768 |
last seen | 2016-02-03 |
modified | 2007-03-21 |
published | 2007-03-21 |
reporter | mark |
source | https://www.exploit-db.com/download/29768/ |
title | Mozilla FireFox 1.5.x/2.0 - FTP PASV Port-Scanning Vulnerability |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SEAMONKEY-3631.NASL |
description | This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27441 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27441 |
title | openSUSE 10 Security Update : seamonkey (seamonkey-3631) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update seamonkey-3631.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27441);
  script_version ("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:30");

  script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");

  script_name(english:"openSUSE 10 Security Update : seamonkey (seamonkey-3631)");
  script_summary(english:"Check for the seamonkey-3631 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update brings Mozilla SeaMonkey to security update version 1.1.2

  - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site.

  - MFSA 2007-15 / CVE-2007-1558 : Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference.

  - MFSA 2007-14 / CVE-2007-1362 : Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 : Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Thunderbird if users don't know how to clear the bad state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868 As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 : Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-calendar-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-dom-inspector-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-irc-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-mail-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-spellchecker-1.0.9-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"seamonkey-venkman-1.0.9-1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}
```
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2007-0400.NASL |
description | From Red Hat Security Advisory 2007:0400 : Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67509 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67509 |
title | Oracle Linux 4 / 5 : firefox (ELSA-2007-0400) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0400 and
# Oracle Linux Security Advisory ELSA-2007-0400 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67509);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_bugtraq_id(23082, 24242);
  script_xref(name:"RHSA", value:"2007:0400");

  script_name(english:"Oracle Linux 4 / 5 : firefox (ELSA-2007-0400)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2007:0400 :

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000219.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-May/000163.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:yelp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"firefox-1.5.0.12-0.1.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"firefox-1.5.0.12-0.1.el4.0.1")) flag++;

if (rpm_check(release:"EL5", reference:"devhelp-0.12-11.el5")) flag++;
if (rpm_check(release:"EL5", reference:"devhelp-devel-0.12-11.el5")) flag++;
if (rpm_check(release:"EL5", reference:"firefox-1.5.0.12-1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"firefox-devel-1.5.0.12-1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"yelp-2.16.0-15.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / firefox / firefox-devel / yelp");
}
```
NASL family | SuSE Local Security Checks |
NASL id | SUSE_MOZILLAFIREFOX-3541.NASL |
description | This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27120 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27120 |
title | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update MozillaFirefox-3541.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27120);
  script_version ("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:29");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");

  script_name(english:"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3541)");
  script_summary(english:"Check for the MozillaFirefox-3541 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update brings Mozilla Firefox to security update version 2.0.0.4

This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0.

  - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar.

  - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site.

  - MFSA 2007-14 / CVE-2007-1362 : Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable.

  - MFSA 2007-13 / CVE-2007-2869 : Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Firefox if users don't know how to clear the bad state.

  - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868 As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images.

  - MFSA 2007-11 / CVE-2007-1562 : Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected MozillaFirefox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-2.0.0.4-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"MozillaFirefox-translations-2.0.0.4-1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox");
}
```
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-0400.NASL |
description | Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25365 |
published | 2007-06-01 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25365 |
title | RHEL 4 / 5 : firefox (RHSA-2007:0400) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0400. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25365);
  script_version ("1.26");
  script_cvs_date("Date: 2019/10/25 13:36:12");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_bugtraq_id(23082, 24242);
  script_xref(name:"RHSA", value:"2007:0400");

  script_name(english:"RHEL 4 / 5 : firefox (RHSA-2007:0400)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-1362"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-1562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-2867"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-2868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-2869"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-2870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-2871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:0400"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:yelp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2007:0400";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.12-0.1.el4")) flag++;

  if (rpm_check(release:"RHEL5", reference:"devhelp-0.12-11.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"devhelp-devel-0.12-11.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"firefox-1.5.0.12-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"firefox-devel-1.5.0.12-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"yelp-2.16.0-15.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"yelp-2.16.0-15.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"yelp-2.16.0-15.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / firefox / firefox-devel / yelp");
  }
}
```

NASL family Fedora Local Security Checks
NASL id FEDORA_2007-0008.NASL
description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of epiphany are advised to upgrade to these erratum packages which have been rebuilt against a patched firefox which is not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 62269
published 2012-09-24
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/62269
title Fedora 7 : epiphany-2.18.1-3.fc7 (2007-0008)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-0008.
#

include("compat.inc");

if (description)
{
  script_id(62269);
  script_version("1.8");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_xref(name:"FEDORA", value:"2007-0008");

  script_name(english:"Fedora 7 : epiphany-2.18.1-3.fc7 (2007-0008)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of epiphany are advised to upgrade to these erratum packages which have been rebuilt against a patched firefox which is not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=241840"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001783.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c8995b32"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected epiphany, epiphany-debuginfo and / or epiphany-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC7", reference:"epiphany-2.18.1-3.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"epiphany-debuginfo-2.18.1-3.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"epiphany-devel-2.18.1-3.fc7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "epiphany / epiphany-debuginfo / epiphany-devel");
}

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2007-0402.NASL
description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 37778
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/37778
title CentOS 3 / 4 : seamonkey (CESA-2007:0402)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0402 and
# CentOS Errata and Security Advisory 2007:0402 respectively.
#

include("compat.inc");

if (description)
{
  script_id(37778);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_bugtraq_id(23082, 23257, 24242);
  script_xref(name:"RHSA", value:"2007:0402");

  script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2007:0402)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562) Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.9 that corrects these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013852.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?40a515a1"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013853.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?40f1d3cf"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013845.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?43730f6a"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013846.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5deec783"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013847.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?30292b8d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013848.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cfe36d90"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"seamonkey-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"seamonkey-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.9-0.1.el3.centos3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.9-0.1.el3.centos3")) flag++;

if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-0.10-0.8.el4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-0.10-0.8.el4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"devhelp-devel-0.10-0.8.el4")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.8.el4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.9-2.el4.centos")) flag++;
if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.9-2.el4.centos")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc");
}

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2007-0402.NASL
description From Red Hat Security Advisory 2007:0402 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 67511
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67511
title Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0402 and
# Oracle Linux Security Advisory ELSA-2007-0402 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67511);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_bugtraq_id(23082, 23257, 24242);
  script_xref(name:"RHSA", value:"2007:0402");

  script_name(english:"Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0402)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2007:0402 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562) Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869) A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558) A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870) A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871) Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.9 that corrects these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-May/000165.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-May/000166.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:seamonkey-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-chat-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-devel-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-mail-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nspr-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nspr-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nss-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nss-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"i386", reference:"seamonkey-nss-devel-1.0.9-0.1.el3.0.1")) flag++;
if (rpm_check(release:"EL3", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.9-0.1.el3.0.1")) flag++;

if (rpm_check(release:"EL4", cpu:"i386", reference:"devhelp-0.10-0.8.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"devhelp-0.10-0.8.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"devhelp-devel-0.10-0.8.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"devhelp-devel-0.10-0.8.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-chat-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-chat-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-devel-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-devel-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-dom-inspector-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-dom-inspector-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-js-debugger-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-js-debugger-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-mail-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-mail-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nspr-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nspr-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nspr-devel-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nspr-devel-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nss-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nss-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"seamonkey-nss-devel-1.0.9-2.el4.0.1")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"seamonkey-nss-devel-1.0.9-2.el4.0.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / seamonkey / seamonkey-chat / etc");
}
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20070530_FIREFOX_ON_SL5_X.NASL
description: Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60192
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60192
title: Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");

if (description)
{
  script_id(60192);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:17");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");

  script_name(english:"Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)
A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)
A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=710
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d2378ece"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected devhelp, firefox and / or yelp packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL3", reference:"firefox-1.5.0.12-0.1.SL3")) flag++;
if (rpm_check(release:"SL4", reference:"firefox-1.5.0.12-0.1.el4")) flag++;
if (rpm_check(release:"SL5", reference:"devhelp-0.12-11.el5")) flag++;
if (rpm_check(release:"SL5", reference:"firefox-1.5.0.12-1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"yelp-2.16.0-15.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2007-0400.NASL
description: Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36608
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/36608
title: CentOS 4 / 5 : devhelp / firefox / yelp (CESA-2007:0400)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0400 and
# CentOS Errata and Security Advisory 2007:0400 respectively.
#
include("compat.inc");

if (description)
{
  script_id(36608);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");
  script_bugtraq_id(23082, 24242);
  script_xref(name:"RHSA", value:"2007:0400");

  script_name(english:"CentOS 4 / 5 : devhelp / firefox / yelp (CESA-2007:0400)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)
A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)
A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)
Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013854.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0a30f446"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013859.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4f584c57"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013860.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e1195591"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013861.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?76bc5218"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013862.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?35025cbf"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013863.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9326b0fe"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-June/013864.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f710d12d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013841.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1f6bd4e3"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-May/013842.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?aada3429"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected devhelp, firefox and / or yelp packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:yelp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x / 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-4", reference:"firefox-1.5.0.12-0.1.el4.centos")) flag++;
if (rpm_check(release:"CentOS-5", reference:"devhelp-0.12-11.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"devhelp-devel-0.12-11.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"firefox-1.5.0.12-1.el5.centos")) flag++;
if (rpm_check(release:"CentOS-5", reference:"firefox-devel-1.5.0.12-1.el5.centos")) flag++;
if (rpm_check(release:"CentOS-5", reference:"yelp-2.16.0-15.el5")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-devel / firefox / firefox-devel / yelp");
}

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2007-554.NASL
description: Updated firefox packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25379
published: 2007-06-04
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25379
title: Fedora Core 5 : firefox-1.5.0.12-1.fc5 (2007-554)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-554.
#
include("compat.inc");

if (description)
{
  script_id(25379);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:26");

  script_xref(name:"FEDORA", value:"2007-554");

  script_name(english:"Fedora Core 5 : firefox-1.5.0.12-1.fc5 (2007-554)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated firefox packages that fix several security bugs are now available for Fedora Core 5.
This update has been rated as having critical security impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)
A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)
A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)
Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001770.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c788a34e"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected firefox and / or firefox-debuginfo packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"firefox-1.5.0.12-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"firefox-debuginfo-1.5.0.12-1.fc5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-debuginfo");
}

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2007-552.NASL
description: Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5. This update has been rated as having critical security impact by the Fedora Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25378
published: 2007-06-04
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25378
title: Fedora Core 5 : devhelp-0.11-7.fc5 / epiphany-2.14.3-6.fc5 / seamonkey-1.0.9-1.fc5 / etc (2007-552)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-552.
#
include("compat.inc");

if (description)
{
  script_id(25378);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:26");

  script_xref(name:"FEDORA", value:"2007-552");

  script_name(english:"Fedora Core 5 : devhelp-0.11-7.fc5 / epiphany-2.14.3-6.fc5 / seamonkey-1.0.9-1.fc5 / etc (2007-552)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated seamonkey packages that fix several security bugs are now available for Fedora Core 5.
This update has been rated as having critical security impact by the Fedora Security Response Team.
SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)
A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way SeaMonkey handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent SeaMonkey from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way SeaMonkey processed certain APOP authentication requests. By sending certain responses when SeaMonkey attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user's authentication credentials. (CVE-2007-1558)
A flaw was found in the way SeaMonkey handled the addEventListener JavaScript method. A malicious website could use this method to access or modify sensitive data from another website. (CVE-2007-2870)
A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)
Users of SeaMonkey are advised to upgrade to these erratum packages, which contain SeaMonkey version 1.0.9 that corrects these issues.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001766.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f9de1cd6"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001767.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?19a029b6"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001768.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e4a99ed4"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001769.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e08eb091"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"devhelp-0.11-7.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"devhelp-debuginfo-0.11-7.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"devhelp-devel-0.11-7.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"epiphany-2.14.3-6.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"epiphany-debuginfo-2.14.3-6.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"epiphany-devel-2.14.3-6.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-chat-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-debuginfo-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-devel-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-dom-inspector-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-js-debugger-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"seamonkey-mail-1.0.9-1.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"yelp-2.14.3-5.fc5")) flag++;
if (rpm_check(release:"FC5", reference:"yelp-debuginfo-2.14.3-5.fc5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-debuginfo / devhelp-devel / epiphany / etc");
}

NASL family: SuSE Local Security Checks
NASL id: SUSE_SEAMONKEY-3632.NASL
description: This update brings Mozilla SeaMonkey to security update version 1.1.2 - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27442
published: 2007-10-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27442
title: openSUSE 10 Security Update : seamonkey (seamonkey-3632)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update seamonkey-3632.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");

if (description)
{
  script_id(27442);
  script_version ("1.17");
  script_cvs_date("Date: 2019/10/25 13:36:30");

  script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871");

  script_name(english:"openSUSE 10 Security Update : seamonkey (seamonkey-3632)");
  script_summary(english:"Check for the seamonkey-3632 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update brings Mozilla SeaMonkey to security update version 1.1.2
- MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar.
- MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site.
- MFSA 2007-15 / CVE-2007-1558 : Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference.
- MFSA 2007-14 / CVE-2007-1362 : Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable.
- MFSA 2007-13 / CVE-2007-2869 : Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Thunderbird if users don't know how to clear the bad state.
- MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868 As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images.
- MFSA 2007-11 / CVE-2007-1562 : Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected seamonkey packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(20, 94, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-irc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-spellchecker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:seamonkey-venkman");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-1.1.2-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-dom-inspector-1.1.2-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-irc-1.1.2-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-mail-1.1.2-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-spellchecker-1.1.2-1.1") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"seamonkey-venkman-1.1.2-1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
}

NASL family Fedora Local Security Checks NASL id FEDORA_2007-0006.NASL description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62268 published 2012-09-24 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62268 title Fedora 7 : devhelp-0.13-8.fc7 (2007-0006) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-0006. # include("compat.inc"); if (description) { script_id(62268); script_version("1.8"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871"); script_xref(name:"FEDORA", value:"2007-0006"); script_name(english:"Fedora 7 : devhelp-0.13-8.fc7 (2007-0006)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of devhelp are advised to upgrade to these erratum packages, which contain an update to devhelp built against the updated Firefox packages. 
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=241840" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001780.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3416a44" ); script_set_attribute( attribute:"solution", value: "Update the affected devhelp, devhelp-debuginfo and / or devhelp-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 94, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2007/05/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"devhelp-0.13-8.fc7")) flag++; if (rpm_check(release:"FC7", reference:"devhelp-debuginfo-0.13-8.fc7")) flag++; if (rpm_check(release:"FC7", reference:"devhelp-devel-0.13-8.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devhelp / devhelp-debuginfo / devhelp-devel"); }
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-3547.NASL description This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0 and 10.1. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome UI such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser last seen 2020-06-01 modified 2020-06-02 plugin id 27121 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27121 title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3547) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaFirefox-3547. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27121); script_version ("1.15"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871"); script_name(english:"openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-3547)"); script_summary(english:"Check for the MozillaFirefox-3547 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update brings Mozilla Firefox to security update version 2.0.0.4 This is a major upgrade from the Firefox 1.5.0.x line for SUSE Linux 10.0 and 10.1. 
- MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome UI such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. - MFSA 2007-14 / CVE-2007-1362 : Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable. - MFSA 2007-13 / CVE-2007-2869 : Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Firefox if users don't know how to clear the bad state. - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868 As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. 
Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. - MFSA 2007-11 / CVE-2007-1562 : Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on." ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaFirefox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 94, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") 
audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"MozillaFirefox-2.0.0.4-1.2") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"MozillaFirefox-translations-2.0.0.4-1.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox"); }
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLATHUNDERBIRD-3545.NASL description This update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser last seen 2020-06-01 modified 2020-06-02 plugin id 27130 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27130 title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3545) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update MozillaThunderbird-3545. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27130); script_version ("1.16"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1362", "CVE-2007-1558", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871"); script_name(english:"openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3545)"); script_summary(english:"Check for the MozillaThunderbird-3545 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update brings Mozilla Thunderbird to security update version 1.5.0.12. 
- MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. - MFSA 2007-15 / CVE-2007-1558 : Gaëtan Leurent informed us of a weakness in APOP authentication that could allow an attacker to recover the first part of your mail password if the attacker could interpose a malicious mail server on your network masquerading as your legitimate mail server. With normal settings it could take several hours for the attacker to gather enough data to recover just a few characters of the password. This result was presented at the Fast Software Encryption 2007 conference. - MFSA 2007-14 / CVE-2007-1362 : Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable. - MFSA 2007-13 / CVE-2007-2869 : Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. 
Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Thunderbird if users don't know how to clear the bad state. - MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868 As part of the Thunderbird 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. - MFSA 2007-11 / CVE-2007-1562 : Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on." ); script_set_attribute( attribute:"solution", value:"Update the affected MozillaThunderbird packages." 
); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 94, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-1.5.0.12-2.2") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-translations-1.5.0.12-2.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird"); }
NASL family SuSE Local Security Checks NASL id SUSE_MOZILLAFIREFOX-3756.NASL description This update brings Mozilla Firefox to security update version 2.0.0.4 - Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. (MFSA 2007-17 / CVE-2007-2871) - Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser last seen 2020-06-01 modified 2020-06-02 plugin id 29360 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29360 title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(29360); script_version ("1.20"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1362", "CVE-2007-1562", "CVE-2007-2867", "CVE-2007-2868", "CVE-2007-2869", "CVE-2007-2870", "CVE-2007-2871"); script_name(english:"SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3756)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update brings Mozilla Firefox to security update version 2.0.0.4 - Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. 
(MFSA 2007-17 / CVE-2007-2871) - Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (MFSA 2007-16 / CVE-2007-2870) - Nicolas Derouet reported two problems with cookie handling in Mozilla clients. Insufficient length checks could be use to exhaust browser memory and so to crash the browser or at least slow it done by a large degree. (MFSA 2007-14 / CVE-2007-1362) The second issue was that the cookie path and name values were not checked for the presence of the delimiter used for internal cookie storage, and if present this confused future interpretation of the cookie data. This is not considered to be exploitable. - Marcel reported that a malicious web page could perform a denial of service attack against the form autocomplete feature that would persist from session to session until the malicious form data was deleted. Filling a text field with millions of characters and submitting the form will cause the victim's browser to hang for up to several minutes while the form data is read, and this will happen the first time autocomplete is triggered after every browser restart. (MFSA 2007-13 / CVE-2007-2869) No harm is done to the user's computer, but the frustration caused by the hang could prevent use of Firefox if users don't know how to clear the bad state. - As part of the Firefox 2.0.0.4 and 1.5.0.12 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. 
(MFSA 2007-12 / CVE-2007-2867 / CVE-2007-2868) Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. - Incorrect FTP PASV handling could be used by malicious ftp servers to do a rudimentary port scanning of for instance internal networks of the computer the browser is running on. (MFSA 2007-11 / CVE-2007-1562)" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-11.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-11/" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-12.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-12/" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-13.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-13/" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-14.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-14/" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-16.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-16/" ); # http://www.mozilla.org/security/announce/2007/mfsa2007-17.html script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-17/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1362.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1562.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2867.html" ); script_set_attribute( attribute:"see_also", 
value:"http://support.novell.com/security/cve/CVE-2007-2868.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2869.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2870.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-2871.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3756."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(20, 94, 119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/21"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-2.0.0.4-1.5")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"MozillaFirefox-translations-2.0.0.4-1.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-2.0.0.4-1.5")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"MozillaFirefox-translations-2.0.0.4-1.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Fedora Local Security Checks
NASL id FEDORA_2007-549.NASL
description Updated firefox packages that fix several security bugs are now available Fedora Core 6. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 25375
published 2007-06-04
reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/25375
title Fedora Core 6 : devhelp-0.12-11.fc6 / epiphany-2.16.3-5.fc6 / firefox-1.5.0.12-1.fc6 / etc (2007-549)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-443-1.NASL
description A flaw was discovered in how Firefox handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user
last seen 2020-06-01
modified 2020-06-02
plugin id 28040
published 2007-11-10
reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/28040
title Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerability (USN-443-1)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2007-0402.NASL
description Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 25367
published 2007-06-01
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/25367
title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2007:0402)

NASL family Fedora Local Security Checks
NASL id FEDORA_2007-0009.NASL
description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. Users of yelp are advised to upgrade to these erratum packages which contain a version of yelp built against a firefox version not vulnerable to these flaws. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 62270
published 2012-09-24
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/62270
title Fedora 7 : yelp-2.18.1-4.fc7 (2007-0009)

NASL family SuSE Local Security Checks
NASL id SUSE_MOZILLATHUNDERBIRD-3546.NASL
description This update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar. - MFSA 2007-16 / CVE-2007-2870 : Mozilla contributor moz_bug_r_a4 demonstrated that the addEventListener method could be used to inject script into another site in violation of the browser
last seen 2020-06-01
modified 2020-06-02
plugin id 27131
published 2007-10-17
reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/27131
title openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3546)

NASL family Windows
NASL id MOZILLA_FIREFOX_15011.NASL
description The FTP client support in the installed version of Firefox has a flaw that could allow a remote attacker with control of an FTP server to perform a rudimentary port scan of, for example, the user
last seen 2020-06-01
modified 2020-06-02
plugin id 24875
published 2007-03-23
reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/24875
title Firefox < 1.5.0.11 / 2.0.0.3 Multiple Vulnerabilities

NASL family Scientific Linux Local Security Checks
NASL id SL_20070530_SEAMONKEY_ON_SL4_X.NASL
description Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause SeaMonkey to crash or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 60194
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60194
title Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

NASL family Fedora Local Security Checks
NASL id FEDORA_2007-0001.NASL
description Updated firefox packages that fix several security bugs are now available for Fedora Core 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868) A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
last seen 2020-06-01
modified 2020-06-02
plugin id 27648
published 2007-11-06
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/27648
title Fedora 7 : firefox-2.0.0.4-1.fc7 (2007-0001)
Oval
accepted | 2013-04-29T04:14:00.295-04:00
class | vulnerability
contributors |
definition_extensions |
description | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
family | unix
id | oval:org.mitre.oval:def:11431
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
version | 27
Redhat
advisories |
rpms |
References
- http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
- https://bugzilla.mozilla.org/show_bug.cgi?id=370559
- http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
- http://www.ubuntu.com/usn/usn-443-1
- https://issues.rpath.com/browse/RPL-1157
- https://issues.rpath.com/browse/RPL-1424
- http://www.redhat.com/support/errata/RHSA-2007-0400.html
- http://www.redhat.com/support/errata/RHSA-2007-0402.html
- http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
- http://www.securityfocus.com/bid/23082
- http://www.securitytracker.com/id?1017800
- http://secunia.com/advisories/25476
- http://secunia.com/advisories/25490
- http://secunia.com/advisories/25858
- http://www.vupen.com/english/advisories/2007/1034
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
- http://www.securityfocus.com/archive/1/470172/100/200/threaded
- http://www.securityfocus.com/archive/1/463501/100/0/threaded
- http://www.openwall.com/lists/oss-security/2020/12/09/1