Vulnerabilities > CVE-2008-0416 - Cross-site Scripting vulnerability in Mozilla Thunderbird
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Embedding Scripts in Non-Script Elements This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Cross-Site Scripting in Error Pages An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
- Cross-Site Scripting Using Alternate Syntax The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1485.NASL description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, last seen 2020-06-01 modified 2020-06-02 plugin id 30225 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30225 title Debian DSA-1485-2 : icedove - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1485. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(30225); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594"); script_bugtraq_id(27406, 27683); script_xref(name:"DSA", value:"1485"); script_name(english:"Debian DSA-1485-2 : icedove - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, 'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann' discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. - CVE-2008-0415 'moz_bug_r_a4' and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation. - CVE-2008-0418 Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. - CVE-2008-0419 David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code. - CVE-2008-0591 Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript. The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0412" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0413" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0415" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0418" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0419" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-0591" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1485" ); script_set_attribute( attribute:"solution", value: "Upgrade the icedove packages. For the stable distribution (etch), these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1-0etch2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 79, 94, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"icedove", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"icedove-dbg", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"icedove-dev", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"icedove-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"icedove-inspector", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"icedove-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-thunderbird", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird-dbg", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++; if (deb_check(release:"4.0", prefix:"thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200805-18.NASL description The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser last seen 2020-06-01 modified 2020-06-02 plugin id 32416 published 2008-05-22 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32416 title GLSA-200805-18 : Mozilla products: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200805-18. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(32416); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380"); script_xref(name:"GLSA", value:"200805-18"); script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser's same origin policy (CVE-2008-0415). Gerry Eisenhaur discovered a directory traversal vulnerability when using 'flat' addons (CVE-2008-0418). Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported multiple character handling flaws related to the backspace character, the '0x80' character, involving zero-length non-ASCII sequences in multiple character sets, that could facilitate Cross-Site Scripting attacks (CVE-2008-0416). The following vulnerability was reported in Thunderbird and SeaMonkey: regenrecht (via iDefense) reported a heap-based buffer overflow when rendering an email message with an external MIME body (CVE-2008-0304). The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner: The fix for CVE-2008-1237 in Firefox 2.0.0.13 and SeaMonkey 1.1.9 introduced a new crash vulnerability (CVE-2008-1380). hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls (CVE-2008-0414). Gynvael Coldwind (Vexillium) discovered that BMP images could be used to reveal uninitialized memory, and that this data could be extracted using a 'canvas' feature (CVE-2008-0420). Chris Thomas reported that background tabs could create a borderless XUL pop-up in front of pages in other tabs (CVE-2008-1241). oo.rio.oo discovered that a plain text file with a 'Content-Disposition: attachment' prevents Firefox from rendering future plain text files within the browser (CVE-2008-0592). Martin Straka reported that the '.href' property of stylesheet DOM nodes is modified to the final URI of a 302 redirect, bypassing the same origin policy (CVE-2008-0593). Gregory Fleischer discovered that under certain circumstances, leading characters from the hostname part of the 'Referer:' HTTP header are removed (CVE-2008-1238). Peter Brodersen and Alexander Klink reported that the browser automatically selected and sent a client certificate when SSL Client Authentication is requested by a server (CVE-2007-4879). Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1240). The following vulnerabilities were reported in Firefox: Justin Dolske discovered a CRLF injection vulnerability when storing passwords (CVE-2008-0417). Michal Zalewski discovered that Firefox does not properly manage a delay timer used in confirmation dialogs (CVE-2008-0591). Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery warning dialog is not displayed if the entire contents of a web page are in a DIV tag that uses absolute positioning (CVE-2008-0594). Impact : A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files when submitting a form, to corrupt saved passwords for other sites, to steal login credentials, or to conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200805-18" ); script_set_attribute( attribute:"solution", value: "All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14' All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14' All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14' All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14' All SeaMonkey users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1' All SeaMonkey binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9' All XULRunner users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14' NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in the SeaMonkey binary ebuild, as no precompiled packages have been released. Until an update is available, we recommend all SeaMonkey users to disable JavaScript, use Firefox for JavaScript-enabled browsing, or switch to the SeaMonkey source ebuild." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++; if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++; if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products"); }
NASL family Windows NASL id MOZILLA_THUNDERBIRD_20012.NASL description The installed version of Thunderbird is affected by various security issues : - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption. - Several issues exist that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, cross-site scripting, and/or remote code execution. - A directory traversal vulnerability exist via the last seen 2020-06-01 modified 2020-06-02 plugin id 31193 published 2008-02-27 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31193 title Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(31193); script_version("1.23"); script_cve_id( "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418" ); script_bugtraq_id(27406, 27683, 28012, 29303); script_name(english:"Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities"); script_summary(english:"Checks version of Thunderbird"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host contains a mail client that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The installed version of Thunderbird is affected by various security issues : - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption. - Several issues exist that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, cross-site scripting, and/or remote code execution. - A directory traversal vulnerability exist via the 'chrome:' URI. - A heap-based buffer overflow exists that can be triggered when viewing an email with an external MIME body. - Multiple cross-site scripting vulnerabilities exist related to character encoding." ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/" ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/" ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/" ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/" ); script_set_attribute( attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mozilla Thunderbird 2.0.0.12 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 119, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/27"); script_set_attribute(attribute:"patch_publication_date", value: "2008/02/07"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Thunderbird/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item_or_exit("SMB/transport"); installs = get_kb_list("SMB/Mozilla/Thunderbird/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird"); mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.12', severity:SECURITY_HOLE);
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0104.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30221 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30221 title CentOS 3 / 4 : seamonkey (CESA-2008:0104) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0104 and # CentOS Errata and Security Advisory 2008:0104 respectively. # include("compat.inc"); if (description) { script_id(30221); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683); script_xref(name:"RHSA", value:"2008:0104"); script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2008:0104)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', SeaMonkey will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of SeaMonkey are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014661.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b615239" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014662.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?43cc2832" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014667.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2634875c" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014668.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?212996e0" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014673.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15f721aa" ); # https://lists.centos.org/pipermail/centos-announce/2008-February/014674.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ecf7b57f" ); script_set_attribute( attribute:"solution", value:"Update the affected seamonkey packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 94, 119, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.9-0.9.el3.centos3")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.9-9.el4.centos")) flag++; if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.9-9.el4.centos")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0103.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30245 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30245 title RHEL 4 / 5 : firefox (RHSA-2008:0103) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0103. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(30245); script_version ("1.26"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(24293, 27406, 27683); script_xref(name:"RHSA", value:"2008:0103"); script_name(english:"RHEL 4 / 5 : firefox (RHSA-2008:0103)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type 'plain/text', rather than 'text/plain', Firefox will not show future 'text/plain' content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0412" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0413" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0415" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0416" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0417" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0418" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0419" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0420" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0592" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-0593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0103" ); script_set_attribute( attribute:"solution", value:"Update the affected firefox and / or firefox-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(22, 79, 94, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0103"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.12-0.10.el4")) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-1.5.0.12-9.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"firefox-devel-1.5.0.12-9.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel"); } }
NASL family Windows NASL id SEAMONKEY_118.NASL description The installed version of SeaMonkey is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - A directory traversal vulnerability via the last seen 2020-06-01 modified 2020-06-02 plugin id 30210 published 2008-02-08 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30210 title SeaMonkey < 1.1.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(30210); script_version("1.21"); script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0592", "CVE-2008-0593"); script_bugtraq_id(27406, 27683, 27826, 28012, 29303); script_name(english:"SeaMonkey < 1.1.8 Multiple Vulnerabilities"); script_summary(english:"Checks version of SeaMonkey"); script_set_attribute(attribute:"synopsis", value: "A web browser on the remote host is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "The installed version of SeaMonkey is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - A directory traversal vulnerability via the 'chrome:' URI. - A vulnerability involving 'designMode' frames that may result in web browsing history and forward navigation stealing. - An information disclosure issue in the BMP decoder. - Mis-handling of locally-saved plaintext files. - Possible disclosure of sensitive URL parameters, such as session tokens, via the .href property of stylesheet DOM nodes reflecting the final URI of the stylesheet after following any 302 redirects. - A heap-based buffer overflow that can be triggered when viewing an email with an external MIME body. - Multiple cross-site scripting vulnerabilities related to character encoding." ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/" ); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/" ); script_set_attribute(attribute:"solution", value: "Upgrade to SeaMonkey 1.1.8 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 22, 79, 119, 200, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/08"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("SeaMonkey/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/SeaMonkey/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey"); mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.8', severity:SECURITY_HOLE);
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-592-1.NASL description Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox last seen 2020-06-01 modified 2020-06-02 plugin id 31700 published 2008-03-28 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31700 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-592-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0103.NASL description From Red Hat Security Advisory 2008:0103 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 67647 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67647 title Oracle Linux 4 / 5 : firefox (ELSA-2008-0103) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-576-1.NASL description Various flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 30252 published 2008-02-11 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30252 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1) NASL family Windows NASL id MOZILLA_FIREFOX_20012.NASL description The installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - An issue that could allow a malicious site to inject newlines into the application last seen 2020-06-01 modified 2020-06-02 plugin id 30209 published 2008-02-08 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30209 title Firefox < 2.0.0.12 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0104.NASL description From Red Hat Security Advisory 2008:0104 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 67648 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67648 title Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0104) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0103.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30220 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30220 title CentOS 4 / 5 : firefox (CESA-2008:0103) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1489.NASL description Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, last seen 2020-06-01 modified 2020-06-02 plugin id 30228 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30228 title Debian DSA-1489-1 : iceweasel - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0104.NASL description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type last seen 2020-06-01 modified 2020-06-02 plugin id 30246 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30246 title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1484.NASL description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov, last seen 2020-06-01 modified 2020-06-02 plugin id 30224 published 2008-02-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30224 title Debian DSA-1484-1 : xulrunner - several vulnerabilities
Redhat
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 29303 CVE(CAN) ID: CVE-2008-0416 Firefox是一款流行的开源WEB浏览器。 Firefox及其衍生产品中的HTML解析器没有遵循HTML规范,将退格字符处理为空格,这可能在遵循了上述规范过滤输入的网站上导致跨站脚本攻击。此外Firefox没有正确的解析Shift_JIS编码的0x80控制字符,这可能允许攻击者绕过站点输入过滤执行跨站脚本攻击。 Mozilla Firefox < 2.0.0.12 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1489-1)以及相应补丁: DSA-1489-1:New iceweasel packages fix several vulnerabilities 链接:<a href=http://www.debian.org/security/2008/dsa-1489 target=_blank>http://www.debian.org/security/2008/dsa-1489</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12.orig.tar.gz</a> Size/MD5 checksum: 43522779 34cb9e2038afa635dac9319a0f113be8 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.dsc target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.dsc</a> Size/MD5 checksum: 1289 568c8d5661721888aa75724f4ec76cf9 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.diff.gz</a> Size/MD5 checksum: 186174 96e7907d265cdf00b81785db4e2ab6c4 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54290 97f40d39e73fba4b90c79a514ab89f18 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54146 ef3dbcc83837bc5c86ecdb3295716e23 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54026 91815e0777f6249b4ba95bbeb38cee0c <a href=http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54176 1b7640fa33604225b347b8fd368163a0 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54816 97db059f2fc4f52bd4d2389f724e8378 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 54026 969ad8b6ed5b8b0dea8cd5d3414c1485 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.12-0etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.12-0etch1_all.deb</a> Size/MD5 checksum: 239356 4309e0a07163450b9d7ce65103b39b80 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 90934 5e1bdb44f0484fd2111a1541276b99dd <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 51062530 72e80dbe1969eae96b4d9ed57aa89122 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_alpha.deb</a> Size/MD5 checksum: 11553820 0cea194c903903bb98b53cc349b89dbf amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 50060784 8639ed04300fac0705c47c27338fdfbb <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 87564 79c23f813fc543121275f4a974833c82 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_amd64.deb</a> Size/MD5 checksum: 10182710 bb8bbff82040dc0c04e98ac477a5a691 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 89302 2867a60e5385e94188bf66f38f992a29 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 11031094 f5926d349e00706a548fdb4f6c02dbac <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_hppa.deb</a> Size/MD5 checksum: 50426978 4228e87f68b21f2627069a320603263d i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 9096292 1c535164988178a3d6b889f9d44f31e8 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 81706 a7ca2818a1d14730077724e3acaf615f <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_i386.deb</a> Size/MD5 checksum: 49451404 3525c3b01dd1142815513cc0d390493f ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 14120046 8d6c6253c001988251523976eee216a1 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 99914 3a4bd7bd5ab87d20bbf5a962411ae4fa <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_ia64.deb</a> Size/MD5 checksum: 50400330 dfa48b54a479b7f305c899bc3f395f92 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 53844792 613a7bc03c43510bcb09e09d33bce694 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 82810 e673433c89d7a74e95b86ed1a264fa5b <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mips.deb</a> Size/MD5 checksum: 11038906 5f60ab9a24ad69a5b8c17ef69f31ef83 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 82872 e9fcd10390f6241f8ddc9c996807afe0 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 10735706 dcc381a4d6a0d26a0d69afb0696955db <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mipsel.deb</a> Size/MD5 checksum: 52399756 ffa41f602d079d778355e5a4a7cbde18 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 9913630 75da2ef9f6915fc6961cc56755f6b8fb <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 83434 0b65d7b061d42bfb5ae48c9fb2f65e05 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_powerpc.deb</a> Size/MD5 checksum: 51852988 59f76c278e30b86d7e3caaab603d774e s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 87788 6cc1b69d90583e765b1f54bdd8ec88a4 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 10339140 dd605f3c893a9fd281ee68c940faaea7 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_s390.deb</a> Size/MD5 checksum: 50726238 fdc527fd80bb0383ea8ef02dca684f16 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 81548 f4e489f39594fda6a3a3498aea9bd986 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 9122208 28632988671ede31388d9caa46a5cfe9 <a href=http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_sparc.deb</a> Size/MD5 checksum: 49060394 1008a6ee3a9f8a3b6e46b766e62af10a 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.mozilla.com/en-US/firefox/all.html target=_blank>http://www.mozilla.com/en-US/firefox/all.html</a> |
id | SSV:3319 |
last seen | 2017-11-19 |
modified | 2008-05-23 |
published | 2008-05-23 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-3319 |
title | Mozilla Firefox字符编码跨站脚本漏洞 |
References
- http://www.debian.org/security/2008/dsa-1484
- http://www.debian.org/security/2008/dsa-1485
- http://www.debian.org/security/2008/dsa-1489
- http://secunia.com/advisories/28839
- http://secunia.com/advisories/28864
- http://secunia.com/advisories/28865
- http://secunia.com/advisories/28879
- http://www.ubuntu.com/usn/usn-592-1
- http://www.us-cert.gov/cas/techalerts/TA08-087A.html
- http://secunia.com/advisories/29541
- http://www.securityfocus.com/bid/29303
- http://secunia.com/advisories/30327
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
- http://secunia.com/advisories/31043
- http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
- http://secunia.com/advisories/30620
- http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
- http://jvn.jp/en/jp/JVN21563357/index.html
- http://www.vupen.com/english/advisories/2008/2091/references
- http://www.vupen.com/english/advisories/2008/1793/references
- http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
- https://usn.ubuntu.com/576-1/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161