Vulnerabilities > CVE-2008-0418 - Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
mozilla
CWE-22
nessus
exploit available

Summary

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Vulnerable Configurations

Part Description Count
Application
Mozilla
142

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Exploit-Db

descriptionMozilla Firefox 2.0 chrome:// URI JavaScript File Request Information Disclosure Vulnerability. CVE-2008-0418. Remote exploit for linux platform
idEDB-ID:31051
last seen2016-02-03
modified2008-01-19
published2008-01-19
reporterGerry Eisenhaur
sourcehttps://www.exploit-db.com/download/31051/
titleMozilla Firefox 2.0 chrome:// URI JavaScript File Request Information Disclosure Vulnerability

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-582-1.NASL
    descriptionIt was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. (CVE-2008-0304) Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id31341
    published2008-03-04
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31341
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-582-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31341);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0420", "CVE-2008-0591");
      script_xref(name:"USN", value:"582-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-582-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Thunderbird did not properly set the size of a
    buffer when parsing an external-body MIME-type. If a user were to open
    a specially crafted email, an attacker could cause a denial of service
    via application crash or possibly execute arbitrary code as the user.
    (CVE-2008-0304)
    
    Various flaws were discovered in Thunderbird and its JavaScript
    engine. By tricking a user into opening a malicious message, an
    attacker could execute arbitrary code with the user's privileges.
    (CVE-2008-0412, CVE-2008-0413)
    
    Various flaws were discovered in the JavaScript engine. By tricking a
    user into opening a malicious message, an attacker could escalate
    privileges within Thunderbird, perform cross-site scripting attacks
    and/or execute arbitrary code with the user's privileges.
    (CVE-2008-0415)
    
    Gerry Eisenhaur discovered that the chrome URI scheme did not properly
    guard against directory traversal. Under certain circumstances, an
    attacker may be able to load files or steal session data. Ubuntu is
    not vulnerable in the default installation. (CVE-2008-0418)
    
    Flaws were discovered in the BMP decoder. By tricking a user into
    opening a specially crafted BMP file, an attacker could obtain
    sensitive information. (CVE-2008-0420).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/582-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(22, 79, 119, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-thunderbird-typeaheadfind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-dev", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-inspector", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"mozilla-thunderbird-typeaheadfind", pkgver:"1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mozilla-thunderbird", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"mozilla-thunderbird-dev", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"thunderbird", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"thunderbird-dev", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"thunderbird-gnome-support", pkgver:"2.0.0.12+nobinonly-0ubuntu0.7.10.0")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-thunderbird / mozilla-thunderbird-dev / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080207_FIREFOX_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id60355
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60355
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60355);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
    
      script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several flaws were found in the way Firefox processed certain
    malformed web content. A webpage containing malicious content could
    cause Firefox to crash, or potentially execute arbitrary code as the
    user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
    CVE-2008-0419)
    
    Several flaws were found in the way Firefox displayed malformed web
    content. A webpage containing specially crafted content could trick a
    user into surrendering sensitive information. (CVE-2008-0591,
    CVE-2008-0593)
    
    A flaw was found in the way Firefox stored password data. If a user
    saves login information for a malicious website, it could be possible
    to corrupt the password database, preventing the user from properly
    accessing saved password data. (CVE-2008-0417)
    
    A flaw was found in the way Firefox handles certain chrome URLs. If a
    user has certain extensions installed, it could allow a malicious
    website to steal sensitive session data. Note: this flaw does not
    affect a default installation of Firefox. (CVE-2008-0418)
    
    A flaw was found in the way Firefox saves certain text files. If a
    website offers a file of type 'plain/text', rather than 'text/plain',
    Firefox will not show future 'text/plain' content to the user in the
    browser, forcing them to save those files locally to view the content.
    (CVE-2008-0592)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0802&L=scientific-linux-errata&T=0&P=440
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f55ac814"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or firefox-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"firefox-1.5.0.12-0.10.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"firefox-1.5.0.12-9.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"firefox-devel-1.5.0.12-9.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1485.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov,
    last seen2020-06-01
    modified2020-06-02
    plugin id30225
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30225
    titleDebian DSA-1485-2 : icedove - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1485. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30225);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
      script_bugtraq_id(27406, 27683);
      script_xref(name:"DSA", value:"1485");
    
      script_name(english:"Debian DSA-1485-2 : icedove - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the Icedove
    mail client, an unbranded version of the Thunderbird client. The
    Common Vulnerabilities and Exposures project identifies the following
    problems :
    
      - CVE-2008-0412
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats
        Palmgren and Paul Nickerson discovered crashes in the
        layout engine, which might allow the execution of
        arbitrary code.
    
      - CVE-2008-0413
        Carsten Book, Wesley Garland, Igor Bukanov,
        'moz_bug_r_a4', 'shutdown', Philip Taylor and 'tgirmann'
        discovered crashes in the JavaScript engine, which might
        allow the execution of arbitrary code.
    
      - CVE-2008-0415
        'moz_bug_r_a4' and Boris Zbarsky discovered several
        vulnerabilities in JavaScript handling, which could
        allow privilege escalation.
    
      - CVE-2008-0418
        Gerry Eisenhaur and 'moz_bug_r_a4' discovered that a
        directory traversal vulnerability in chrome: URI
        handling could lead to information disclosure.
    
      - CVE-2008-0419
        David Bloom discovered a race condition in the image
        handling of designMode elements, which can lead to
        information disclosure and potentially the execution of
        arbitrary code.
    
      - CVE-2008-0591
        Michal Zalewski discovered that timers protecting
        security-sensitive dialogs (by disabling dialog elements
        until a timeout is reached) could be bypassed by window
        focus changes through JavaScript.
    
    The Mozilla products from the old stable distribution (sarge) are no
    longer supported with security updates."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1485"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the icedove packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.5.0.13+1.5.0.15b.dfsg1-0etch2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icedove");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"icedove", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"icedove-dbg", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"icedove-dev", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"icedove-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"icedove-inspector", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"icedove-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"mozilla-thunderbird", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"mozilla-thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird-dbg", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird-dev", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird-gnome-support", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird-inspector", reference:"1.5.0.13+1.5.0.15a.dfsg1-0etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"thunderbird-typeaheadfind", reference:"1.5.0.13+1.5.0.15b.dfsg1-0etch2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200805-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200805-18 (Mozilla products: Multiple vulnerabilities) The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser crashes related to JavaScript methods, possibly triggering memory corruption (CVE-2008-0412). Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor, and tgirmann reported crashes in the JavaScript engine, possibly triggering memory corruption (CVE-2008-0413). David Bloom discovered a vulnerability in the way images are treated by the browser when a user leaves a page, possibly triggering memory corruption (CVE-2008-0419). moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of privilege escalation vulnerabilities related to JavaScript (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235). Mozilla developers identified browser crashes caused by the layout and JavaScript engines, possibly triggering memory corruption (CVE-2008-1236, CVE-2008-1237). moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from its sandboxed context and run with chrome privileges, and inject script content into another site, violating the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id32416
    published2008-05-22
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32416
    titleGLSA-200805-18 : Mozilla products: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200805-18.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32416);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2007-4879", "CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594", "CVE-2008-1233", "CVE-2008-1234", "CVE-2008-1235", "CVE-2008-1236", "CVE-2008-1237", "CVE-2008-1238", "CVE-2008-1240", "CVE-2008-1241", "CVE-2008-1380");
      script_xref(name:"GLSA", value:"200805-18");
    
      script_name(english:"GLSA-200805-18 : Mozilla products: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200805-18
    (Mozilla products: Multiple vulnerabilities)
    
        The following vulnerabilities were reported in all mentioned Mozilla
        products:
        Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul
        Nickerson reported browser crashes related to JavaScript methods,
        possibly triggering memory corruption (CVE-2008-0412).
        Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
        Philip Taylor, and tgirmann reported crashes in the JavaScript engine,
        possibly triggering memory corruption (CVE-2008-0413).
        David Bloom discovered a vulnerability in the way images are treated by
        the browser when a user leaves a page, possibly triggering memory
        corruption (CVE-2008-0419).
        moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of
        privilege escalation vulnerabilities related to JavaScript
        (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235).
        Mozilla developers identified browser crashes caused by the layout and
        JavaScript engines, possibly triggering memory corruption
        (CVE-2008-1236, CVE-2008-1237).
        moz_bug_r_a4 and Boris Zbarsky discovered that pages could escape from
        its sandboxed context and run with chrome privileges, and inject script
        content into another site, violating the browser's same origin policy
        (CVE-2008-0415).
        Gerry Eisenhaur discovered a directory traversal vulnerability when
        using 'flat' addons (CVE-2008-0418).
        Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu reported
        multiple character handling flaws related to the backspace character,
        the '0x80' character, involving zero-length non-ASCII sequences in
        multiple character sets, that could facilitate Cross-Site Scripting
        attacks (CVE-2008-0416).
        The following vulnerability was reported in Thunderbird and SeaMonkey:
        regenrecht (via iDefense) reported a heap-based buffer overflow when
        rendering an email message with an external MIME body (CVE-2008-0304).
        The following vulnerabilities were reported in Firefox, SeaMonkey and
        XULRunner:
        The fix for CVE-2008-1237 in Firefox 2.0.0.13
        and SeaMonkey 1.1.9 introduced a new crash vulnerability
        (CVE-2008-1380).
        hong and Gregory Fleischer each reported a
        variant on earlier reported bugs regarding focus shifting in file input
        controls (CVE-2008-0414).
        Gynvael Coldwind (Vexillium) discovered that BMP images could be used
        to reveal uninitialized memory, and that this data could be extracted
        using a 'canvas' feature (CVE-2008-0420).
        Chris Thomas reported that background tabs could create a borderless
        XUL pop-up in front of pages in other tabs (CVE-2008-1241).
        oo.rio.oo discovered that a plain text file with a
        'Content-Disposition: attachment' prevents Firefox from rendering
        future plain text files within the browser (CVE-2008-0592).
        Martin Straka reported that the '.href' property of stylesheet DOM
        nodes is modified to the final URI of a 302 redirect, bypassing the
        same origin policy (CVE-2008-0593).
        Gregory Fleischer discovered that under certain circumstances, leading
        characters from the hostname part of the 'Referer:' HTTP header are
        removed (CVE-2008-1238).
        Peter Brodersen and Alexander Klink reported that the browser
        automatically selected and sent a client certificate when SSL Client
        Authentication is requested by a server (CVE-2007-4879).
        Gregory Fleischer reported that web content fetched via the 'jar:'
        protocol was not subject to network access restrictions
        (CVE-2008-1240).
        The following vulnerabilities were reported in Firefox:
        Justin Dolske discovered a CRLF injection vulnerability when storing
        passwords (CVE-2008-0417).
        Michal Zalewski discovered that Firefox does not properly manage a
        delay timer used in confirmation dialogs (CVE-2008-0591).
        Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
        warning dialog is not displayed if the entire contents of a web page
        are in a DIV tag that uses absolute positioning (CVE-2008-0594).
      
    Impact :
    
        A remote attacker could entice a user to view a specially crafted web
        page or email that will trigger one of the vulnerabilities, possibly
        leading to the execution of arbitrary code or a Denial of Service. It
        is also possible for an attacker to trick a user to upload arbitrary
        files when submitting a form, to corrupt saved passwords for other
        sites, to steal login credentials, or to conduct Cross-Site Scripting
        and Cross-Site Request Forgery attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200805-18"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Mozilla Firefox users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.14'
        All Mozilla Firefox binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.14'
        All Mozilla Thunderbird users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-2.0.0.14'
        All Mozilla Thunderbird binary users should upgrade to the latest
        version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=mail-client/mozilla-thunderbird-bin-2.0.0.14'
        All SeaMonkey users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-1.1.9-r1'
        All SeaMonkey binary users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=www-client/seamonkey-bin-1.1.9'
        All XULRunner users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-libs/xulrunner-1.8.1.14'
        NOTE: The crash vulnerability (CVE-2008-1380) is currently unfixed in
        the SeaMonkey binary ebuild, as no precompiled packages have been
        released. Until an update is available, we recommend all SeaMonkey
        users to disable JavaScript, use Firefox for JavaScript-enabled
        browsing, or switch to the SeaMonkey source ebuild."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 22, 59, 79, 94, 119, 200, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-firefox-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:mozilla-thunderbird-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:seamonkey-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xulrunner");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/mozilla-firefox-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey-bin", unaffected:make_list("ge 1.1.9"), vulnerable:make_list("lt 1.1.9"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird-bin", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"www-client/seamonkey", unaffected:make_list("ge 1.1.9-r1"), vulnerable:make_list("lt 1.1.9-r1"))) flag++;
    if (qpkg_check(package:"mail-client/mozilla-thunderbird", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    if (qpkg_check(package:"net-libs/xulrunner", unaffected:make_list("ge 1.8.1.14"), vulnerable:make_list("lt 1.8.1.14"))) flag++;
    if (qpkg_check(package:"www-client/mozilla-firefox", unaffected:make_list("ge 2.0.0.14"), vulnerable:make_list("lt 2.0.0.14"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla products");
    }
    
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_20012.NASL
    descriptionThe installed version of Thunderbird is affected by various security issues : - Several stability bugs exist leading to crashes which, in some cases, show traces of memory corruption. - Several issues exist that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, cross-site scripting, and/or remote code execution. - A directory traversal vulnerability exist via the
    last seen2020-06-01
    modified2020-06-02
    plugin id31193
    published2008-02-27
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31193
    titleMozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(31193);
      script_version("1.23");
    
      script_cve_id(
        "CVE-2008-0304", 
        "CVE-2008-0412", 
        "CVE-2008-0413",
        "CVE-2008-0415", 
        "CVE-2008-0416", 
        "CVE-2008-0418"
      );
      script_bugtraq_id(27406, 27683, 28012, 29303);
    
      script_name(english:"Mozilla Thunderbird < 2.0.0.12 Multiple Vulnerabilities");
      script_summary(english:"Checks version of Thunderbird");
    
      script_set_attribute( attribute:"synopsis",  value:
    "The remote Windows host contains a mail client that is affected by
    multiple vulnerabilities."  );
      script_set_attribute(  attribute:"description",   value:
    "The installed version of Thunderbird is affected by various security
    issues :
    
      - Several stability bugs exist leading to crashes which, in
        some cases, show traces of memory corruption.
    
      - Several issues exist that allow scripts from page
        content to escape from their sandboxed context and/or
        run with chrome privileges, resulting in privilege
        escalation, cross-site scripting, and/or remote code
        execution.
    
      - A directory traversal vulnerability exist via the
        'chrome:' URI.
    
      - A heap-based buffer overflow exists that can be
        triggered when viewing an email with an external MIME
        body.
    
      - Multiple cross-site scripting vulnerabilities
        exist related to character encoding."  );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Mozilla Thunderbird 2.0.0.12 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 119, 399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/27");
     script_set_attribute(attribute:"patch_publication_date", value: "2008/02/07");
     script_cvs_date("Date: 2018/07/16 14:09:15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Thunderbird/Version");
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item_or_exit("SMB/transport");
    
    installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");
    
    mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'2.0.0.12', severity:SECURITY_HOLE);
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0104.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30221
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30221
    titleCentOS 3 / 4 : seamonkey (CESA-2008:0104)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0104 and 
    # CentOS Errata and Security Advisory 2008:0104 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30221);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(24293, 27406, 27683);
      script_xref(name:"RHSA", value:"2008:0104");
    
      script_name(english:"CentOS 3 / 4 : seamonkey (CESA-2008:0104)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated SeaMonkey packages that fix several security issues are now
    available for Red Hat Enterprise Linux 2.1, 3, and 4.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    SeaMonkey is an open source Web browser, advanced email and newsgroup
    client, IRC chat client, and HTML editor.
    
    Several flaws were found in the way SeaMonkey processed certain
    malformed web content. A webpage containing malicious content could
    cause SeaMonkey to crash, or potentially execute arbitrary code as the
    user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
    CVE-2008-0419)
    
    Several flaws were found in the way SeaMonkey displayed malformed web
    content. A webpage containing specially crafted content could trick a
    user into surrendering sensitive information. (CVE-2008-0591,
    CVE-2008-0593)
    
    A flaw was found in the way SeaMonkey stored password data. If a user
    saves login information for a malicious website, it could be possible
    to corrupt the password database, preventing the user from properly
    accessing saved password data. (CVE-2008-0417)
    
    A flaw was found in the way SeaMonkey handles certain chrome URLs. If
    a user has certain extensions installed, it could allow a malicious
    website to steal sensitive session data. Note: this flaw does not
    affect a default installation of SeaMonkey. (CVE-2008-0418)
    
    A flaw was found in the way SeaMonkey saves certain text files. If a
    website offers a file of type 'plain/text', rather than 'text/plain',
    SeaMonkey will not show future 'text/plain' content to the user in the
    browser, forcing them to save those files locally to view the content.
    (CVE-2008-0592)
    
    Users of SeaMonkey are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014661.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1b615239"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014662.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43cc2832"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014667.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2634875c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014668.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?212996e0"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014673.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15f721aa"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-February/014674.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ecf7b57f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 94, 119, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-chat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-dom-inspector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-js-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:seamonkey-nss-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-chat-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-devel-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-dom-inspector-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-js-debugger-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-mail-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nspr-devel-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-1.0.9-0.9.el3.centos3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"seamonkey-nss-devel-1.0.9-0.9.el3.centos3")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-chat-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-devel-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-dom-inspector-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-js-debugger-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-mail-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nspr-devel-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-1.0.9-9.el4.centos")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"seamonkey-nss-devel-1.0.9-9.el4.centos")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey / seamonkey-chat / seamonkey-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0103.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30245
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30245
    titleRHEL 4 / 5 : firefox (RHSA-2008:0103)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0103. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30245);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(24293, 27406, 27683);
      script_xref(name:"RHSA", value:"2008:0103");
    
      script_name(english:"RHEL 4 / 5 : firefox (RHSA-2008:0103)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated firefox packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    Several flaws were found in the way Firefox processed certain
    malformed web content. A webpage containing malicious content could
    cause Firefox to crash, or potentially execute arbitrary code as the
    user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
    CVE-2008-0419)
    
    Several flaws were found in the way Firefox displayed malformed web
    content. A webpage containing specially crafted content could trick a
    user into surrendering sensitive information. (CVE-2008-0591,
    CVE-2008-0593)
    
    A flaw was found in the way Firefox stored password data. If a user
    saves login information for a malicious website, it could be possible
    to corrupt the password database, preventing the user from properly
    accessing saved password data. (CVE-2008-0417)
    
    A flaw was found in the way Firefox handles certain chrome URLs. If a
    user has certain extensions installed, it could allow a malicious
    website to steal sensitive session data. Note: this flaw does not
    affect a default installation of Firefox. (CVE-2008-0418)
    
    A flaw was found in the way Firefox saves certain text files. If a
    website offers a file of type 'plain/text', rather than 'text/plain',
    Firefox will not show future 'text/plain' content to the user in the
    browser, forcing them to save those files locally to view the content.
    (CVE-2008-0592)
    
    Users of firefox are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0420"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0103"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or firefox-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0103";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"firefox-1.5.0.12-0.10.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"firefox-1.5.0.12-9.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"firefox-devel-1.5.0.12-9.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-5095.NASL
    descriptionThis update brings Mozilla Thunderbird to security fix level of version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31620
    published2008-03-19
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31620
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5095)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update MozillaThunderbird-5095.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31620);
      script_version ("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
    
      script_name(english:"openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5095)");
      script_summary(english:"Check for the MozillaThunderbird-5095 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update brings Mozilla Thunderbird to security fix level of
    version 2.0.0.12
    
    Following security problems were fixed :
    
      - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with
        div overlay
    
      - MFSA 2008-10/CVE-2008-0593 URL token stealing via
        stylesheet redirect
    
      - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved
        plain text files
    
      - MFSA 2008-08/CVE-2008-0591 File action dialog tampering
    
      - MFSA 2008-06/CVE-2008-0419 Web browsing history and
        forward navigation stealing
    
      - MFSA 2008-05/CVE-2008-0418 Directory traversal via
        chrome: URI
    
      - MFSA 2008-04/CVE-2008-0417 Stored password corruption
    
      - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,
        Remote Code Execution
    
      - MFSA 2008-02/CVE-2008-0414 Multiple file input focus
        stealing vulnerabilities
    
      - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of
        memory corruption (rv:1.8.1.12)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected MozillaThunderbird packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-1.5.0.14-0.3") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"MozillaThunderbird-translations-1.5.0.14-0.3") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"MozillaThunderbird-1.5.0.14-0.3") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"MozillaThunderbird-translations-1.5.0.14-0.3") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2060.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id31314
    published2008-02-29
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31314
    titleFedora 8 : thunderbird-2.0.0.12-1.fc8 (2008-2060)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-2060.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31314);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(27406, 27683, 28012);
      script_xref(name:"FEDORA", value:"2008-2060");
    
      script_name(english:"Fedora 8 : thunderbird-2.0.0.12-1.fc8 (2008-2060)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Thunderbird is a standalone mail and newsgroup client. Several
    flaws were found in the way Thunderbird processed certain malformed
    HTML mail content. A HTML mail message containing malicious content
    could cause Thunderbird to crash, or potentially execute arbitrary
    code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413,
    CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way
    Thunderbird displayed malformed HTML mail content. A HTML mail message
    containing specially crafted content could trick a user into
    surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A
    flaw was found in the way Thunderbird handles certain chrome URLs. If
    a user has certain extensions installed, it could allow a malicious
    HTML mail message to steal sensitive session data. Note: this flaw
    does not affect a default installation of Thunderbird. (CVE-2008-0418)
    Note: JavaScript support is disabled by default in Thunderbird; the
    above issues are not exploitable unless JavaScript is enabled. A flaw
    was found in the way Thunderbird saves certain text files. If a remote
    site offers a file of type 'plain/text', rather than 'text/plain',
    Thunderbird will not show future 'text/plain' content to the user,
    forcing them to save those files locally to view the content.
    (CVE-2008-0592) Users of thunderbird are advised to upgrade to these
    updated packages, which contain backported patches to resolve these
    issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=435123"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/008286.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9a0a8007"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 119, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"thunderbird-2.0.0.12-1.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyWindows
    NASL idSEAMONKEY_118.NASL
    descriptionThe installed version of SeaMonkey is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - A directory traversal vulnerability via the
    last seen2020-06-01
    modified2020-06-02
    plugin id30210
    published2008-02-08
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30210
    titleSeaMonkey < 1.1.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30210);
      script_version("1.21");
    
      script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414",
                    "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0418", "CVE-2008-0419",
                    "CVE-2008-0420", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(27406, 27683, 27826, 28012, 29303);
    
      script_name(english:"SeaMonkey < 1.1.8 Multiple Vulnerabilities");
      script_summary(english:"Checks version of SeaMonkey");
    
     script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is affected by multiple
    vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "The installed version of SeaMonkey is affected by various security
    issues :
    
      - Several stability bugs leading to crashes which, in
        some cases, show traces of memory corruption
    
      - Several file input focus stealing vulnerabilities
        that could result in uploading of arbitrary files
        provided their full path and file names are known.
    
      - Several issues that allow scripts from page content
        to escape from their sandboxed context and/or run
        with chrome privileges, resulting in privilege
        escalation, XSS, and/or remote code execution.
    
      - A directory traversal vulnerability via the
        'chrome:' URI.
    
      - A vulnerability involving 'designMode' frames that
        may result in web browsing history and forward
        navigation stealing.
    
      - An information disclosure issue in the BMP
        decoder.
    
      - Mis-handling of locally-saved plaintext files.
    
      - Possible disclosure of sensitive URL parameters,
        such as session tokens, via the .href property of
        stylesheet DOM nodes reflecting the final URI of
        the stylesheet after following any 302 redirects.
    
      - A heap-based buffer overflow that can be triggered
        when viewing an email with an external MIME
        body.
    
      - Multiple cross-site scripting vulnerabilities
        related to character encoding." );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-01/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-02/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-03/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-05/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-06/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-07/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-09/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-10/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-12/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2008-13/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 1.1.8 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(20, 22, 79, 119, 200, 399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2008/02/08");
     script_cvs_date("Date: 2018/07/27 18:38:15");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
    script_end_attributes();
    
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
    
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
    
    include("mozilla_version.inc");
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    installs = get_kb_list("SMB/SeaMonkey/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
    
    mozilla_check_version(installs:installs, product:'seamonkey', fix:'1.1.8', severity:SECURITY_HOLE);
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0105.NASL
    descriptionFrom Red Hat Security Advisory 2008:0105 : Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id67649
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67649
    titleOracle Linux 4 : thunderbird (ELSA-2008-0105)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0105 and 
    # Oracle Linux Security Advisory ELSA-2008-0105 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67649);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(24293, 27406, 27683, 28012);
      script_xref(name:"RHSA", value:"2008:0105");
    
      script_name(english:"Oracle Linux 4 : thunderbird (ELSA-2008-0105)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0105 :
    
    Updated thunderbird packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    [Updated 27th February 2008] The erratum text has been updated to
    include the details of additional issues that were fixed by these
    erratum packages, but which were not public at the time of release. No
    changes have been made to the packages.
    
    Mozilla Thunderbird is a standalone mail and newsgroup client.
    
    A heap-based buffer overflow flaw was found in the way Thunderbird
    processed messages with external-body Multipurpose Internet Message
    Extensions (MIME) types. A HTML mail message containing malicious
    content could cause Thunderbird to execute arbitrary code as the user
    running Thunderbird. (CVE-2008-0304)
    
    Several flaws were found in the way Thunderbird processed certain
    malformed HTML mail content. A HTML mail message containing malicious
    content could cause Thunderbird to crash, or potentially execute
    arbitrary code as the user running Thunderbird. (CVE-2008-0412,
    CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
    
    Several flaws were found in the way Thunderbird displayed malformed
    HTML mail content. A HTML mail message containing specially crafted
    content could trick a user into surrendering sensitive information.
    (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593)
    
    A flaw was found in the way Thunderbird handles certain chrome URLs.
    If a user has certain extensions installed, it could allow a malicious
    HTML mail message to steal sensitive session data. Note: this flaw
    does not affect a default installation of Thunderbird. (CVE-2008-0418)
    
    Note: JavaScript support is disabled by default in Thunderbird; the
    above issues are not exploitable unless JavaScript is enabled.
    
    A flaw was found in the way Thunderbird saves certain text files. If a
    remote site offers a file of type 'plain/text', rather than
    'text/plain', Thunderbird will not show future 'text/plain' content to
    the user, forcing them to save those files locally to view the
    content. (CVE-2008-0592)
    
    Users of thunderbird are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000511.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 119, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"thunderbird-1.5.0.12-8.el4.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"thunderbird-1.5.0.12-8.el4.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1669.NASL
    description - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> - 1.1.8-1 - SeaMonkey 1.1.8 - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> - 1.1.7-1 - SeaMonkey 1.1.7 - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> - 1.1.6-1 - SeaMonkey 1.1.6 - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> - 1.1.5-1 - SeaMonkey 1.1.5 - Fri Jul 27 2007 Martin Stransky <stransky at redhat.com> - 1.1.3-2 - added pango patches - Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 1.1.3-1 - SeaMonkey 1.1.3 - Thu May 31 2007 Kai Engert <kengert at redhat.com> 1.1.2-1 - SeaMonkey 1.1.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31080
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31080
    titleFedora 7 : seamonkey-1.1.8-1.fc7 (2008-1669)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-1669.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31080);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_xref(name:"FEDORA", value:"2008-1669");
    
      script_name(english:"Fedora 7 : seamonkey-1.1.8-1.fc7 (2008-1669)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> -
        1.1.8-1
    
        - SeaMonkey 1.1.8
    
        - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> -
          1.1.7-1
    
        - SeaMonkey 1.1.7
    
        - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> -
          1.1.6-1
    
        - SeaMonkey 1.1.6
    
        - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> -
          1.1.5-1
    
        - SeaMonkey 1.1.5
    
        - Fri Jul 27 2007 Martin Stransky <stransky at
          redhat.com> - 1.1.3-2
    
        - added pango patches
    
        - Fri Jul 20 2007 Kai Engert <kengert at redhat.com> -
          1.1.3-1
    
        - SeaMonkey 1.1.3
    
        - Thu May 31 2007 Kai Engert <kengert at redhat.com>
          1.1.2-1
    
        - SeaMonkey 1.1.2
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=432040"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007899.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?83497686"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected seamonkey package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:seamonkey");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"seamonkey-1.1.8-1.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "seamonkey");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_EPIPHANY-5102.NASL
    descriptionThe Mozilla XULRunner 1.8.1 engine was updated to security update version 1.8.1.12. This includes fixes for the following security issues : - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31622
    published2008-03-19
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31622
    titleopenSUSE 10 Security Update : epiphany (epiphany-5102)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update epiphany-5102.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31622);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0592", "CVE-2008-0593");
    
      script_name(english:"openSUSE 10 Security Update : epiphany (epiphany-5102)");
      script_summary(english:"Check for the epiphany-5102 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Mozilla XULRunner 1.8.1 engine was updated to security update
    version 1.8.1.12.
    
    This includes fixes for the following security issues :
    
      - MFSA 2008-10/CVE-2008-0593 URL token stealing via
        stylesheet redirect
    
      - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved
        plain text files
    
      - MFSA 2008-06/CVE-2008-0419 Web browsing history and
        forward navigation stealing
    
      - MFSA 2008-05/CVE-2008-0418 Directory traversal via
        chrome: URI
    
      - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS,
        Remote Code Execution
    
      - MFSA 2008-02/CVE-2008-0414 Multiple file input focus
        stealing vulnerabilities
    
      - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of
        memory corruption (rv:1.8.1.12)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected epiphany packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 22, 79, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:epiphany-extensions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-xulrunner181-l10n");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-2.16.1-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-devel-2.16.1-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"epiphany-extensions-2.16.1-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-devel-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"mozilla-xulrunner181-l10n-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-2.20.0-8.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-devel-2.20.0-8.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"epiphany-extensions-2.20.0-8.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-devel-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"mozilla-xulrunner181-l10n-1.8.1.12-1.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"mozilla-xulrunner181-32bit-1.8.1.12-1.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "epiphany / epiphany-devel / epiphany-extensions / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0103.NASL
    descriptionFrom Red Hat Security Advisory 2008:0103 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id67647
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67647
    titleOracle Linux 4 / 5 : firefox (ELSA-2008-0103)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2008:0103 and 
    # Oracle Linux Security Advisory ELSA-2008-0103 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67647);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0416", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593");
      script_bugtraq_id(24293, 27406, 27683);
      script_xref(name:"RHSA", value:"2008:0103");
    
      script_name(english:"Oracle Linux 4 / 5 : firefox (ELSA-2008-0103)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2008:0103 :
    
    Updated firefox packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4 and 5.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    Mozilla Firefox is an open source Web browser.
    
    Several flaws were found in the way Firefox processed certain
    malformed web content. A webpage containing malicious content could
    cause Firefox to crash, or potentially execute arbitrary code as the
    user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
    CVE-2008-0419)
    
    Several flaws were found in the way Firefox displayed malformed web
    content. A webpage containing specially crafted content could trick a
    user into surrendering sensitive information. (CVE-2008-0591,
    CVE-2008-0593)
    
    A flaw was found in the way Firefox stored password data. If a user
    saves login information for a malicious website, it could be possible
    to corrupt the password database, preventing the user from properly
    accessing saved password data. (CVE-2008-0417)
    
    A flaw was found in the way Firefox handles certain chrome URLs. If a
    user has certain extensions installed, it could allow a malicious
    website to steal sensitive session data. Note: this flaw does not
    affect a default installation of Firefox. (CVE-2008-0418)
    
    A flaw was found in the way Firefox saves certain text files. If a
    website offers a file of type 'plain/text', rather than 'text/plain',
    Firefox will not show future 'text/plain' content to the user in the
    browser, forcing them to save those files locally to view the content.
    (CVE-2008-0592)
    
    Users of firefox are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000508.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2008-February/000509.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:firefox-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4 / 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"firefox-1.5.0.12-0.10.el4.0.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"firefox-1.5.0.12-0.10.el4.0.1")) flag++;
    
    if (rpm_check(release:"EL5", reference:"firefox-1.5.0.12-9.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"firefox-devel-1.5.0.12-9.el5.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / firefox-devel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1535.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A web page containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id31067
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31067
    titleFedora 8 : Miro-1.1-3.fc8 / blam-1.8.3-13.fc8 / chmsee-1.0.0-1.28.fc8 / devhelp-0.16.1-5.fc8 / etc (2008-1535)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-1535.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31067);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0414", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593", "CVE-2008-0594");
      script_xref(name:"FEDORA", value:"2008-1535");
    
      script_name(english:"Fedora 8 : Miro-1.1-3.fc8 / blam-1.8.3-13.fc8 / chmsee-1.0.0-1.28.fc8 / devhelp-0.16.1-5.fc8 / etc (2008-1535)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox is an open source Web browser. Several flaws were
    found in the way Firefox processed certain malformed web content. A
    web page containing malicious content could cause Firefox to crash, or
    potentially execute arbitrary code as the user running Firefox.
    (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several
    flaws were found in the way Firefox displayed malformed web content. A
    web page containing specially crafted content could trick a user into
    surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A
    flaw was found in the way Firefox stored password data. If a user
    saves login information for a malicious website, it could be possible
    to corrupt the password database, preventing the user from properly
    accessing saved password data. (CVE-2008-0417) A flaw was found in the
    way Firefox handles certain chrome URLs. If a user has certain
    extensions installed, it could allow a malicious website to steal
    sensitive session data. Note: this flaw does not affect a default
    installation of Firefox. (CVE-2008-0418) A flaw was found in the way
    Firefox saves certain text files. If a website offers a file of type
    'plain/text', rather than 'text/plain', Firefox will not show future
    'text/plain' content to the user in the browser, forcing them to save
    those files locally to view the content. (CVE-2008-0592) Users of
    firefox are advised to upgrade to these updated packages, which
    contain updated packages to resolve these issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=432036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=432040"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007754.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?150b6c21"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007755.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b751fe08"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007756.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c8bd9950"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007757.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d571352f"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007758.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df5f34ea"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007759.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?080b7023"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007760.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1bc21d1f"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007761.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cb3ac43d"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007762.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?406b01bc"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007763.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe5d5ec2"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007764.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d0528e90"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007765.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4dd87a98"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007766.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2dbdbc11"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007767.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67a56ae1"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007768.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?11b25edd"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007769.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?34ff5880"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(20, 22, 79, 94, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Miro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:blam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chmsee");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:devhelp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:epiphany-extensions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:galeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-python2-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnome-web-photo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gtkmozembedmm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kazehakase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:liferea");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openvrml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-gnome2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:yelp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"Miro-1.1-3.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"blam-1.8.3-13.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"chmsee-1.0.0-1.28.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"devhelp-0.16.1-5.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"epiphany-2.20.2-3.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"epiphany-extensions-2.20.1-5.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"firefox-2.0.0.12-1.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"galeon-2.0.4-1.fc8.2")) flag++;
    if (rpm_check(release:"FC8", reference:"gnome-python2-extras-2.19.1-12.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"gnome-web-photo-0.3-8.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"gtkmozembedmm-1.4.2.cvs20060817-18.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"kazehakase-0.5.2-1.fc8.2")) flag++;
    if (rpm_check(release:"FC8", reference:"liferea-1.4.11-2.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"openvrml-0.17.5-2.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"ruby-gnome2-0.16.0-20.fc8")) flag++;
    if (rpm_check(release:"FC8", reference:"yelp-2.20.0-7.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Miro / blam / chmsee / devhelp / epiphany / epiphany-extensions / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5011.NASL
    descriptionThis update backports changes to Mozilla SeaMonkey to the level of the security update version 1.8.1.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31113
    published2008-02-18
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31113
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5011)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5002.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31088
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31088
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5002)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-576-1.NASL
    descriptionVarious flaws were discovered in the browser and JavaScript engine. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id30252
    published2008-02-11
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30252
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-576-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0105.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30247
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30247
    titleRHEL 4 / 5 : thunderbird (RHSA-2008:0105)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2118.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id31318
    published2008-02-29
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31318
    titleFedora 7 : thunderbird-2.0.0.12-1.fc7 (2008-2118)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080207_SEAMONKEY_ON_SL3_X.NASL
    descriptionSeveral flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id60356
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60356
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_20012.NASL
    descriptionThe installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - An issue that could allow a malicious site to inject newlines into the application
    last seen2020-06-01
    modified2020-06-02
    plugin id30209
    published2008-02-08
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30209
    titleFirefox < 2.0.0.12 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0104.NASL
    descriptionFrom Red Hat Security Advisory 2008:0104 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id67648
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67648
    titleOracle Linux 3 / 4 : seamonkey (ELSA-2008-0104)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0105.NASL
    descriptionUpdated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. [Updated 27th February 2008] The erratum text has been updated to include the details of additional issues that were fixed by these erratum packages, but which were not public at the time of release. No changes have been made to the packages. Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird processed messages with external-body Multipurpose Internet Message Extensions (MIME) types. A HTML mail message containing malicious content could cause Thunderbird to execute arbitrary code as the user running Thunderbird. (CVE-2008-0304) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0420, CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30222
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30222
    titleCentOS 4 / 5 : thunderbird (CESA-2008:0105)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0103.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30220
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30220
    titleCentOS 4 / 5 : firefox (CESA-2008:0103)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-048.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12. This update provides the latest Firefox to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37189
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37189
    titleMandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:048)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5123.NASL
    descriptionThis update of the Mozilla XULRunner engine catches up on all previous security problems found in the XULRunner engine. Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31697
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31697
    titleopenSUSE 10 Security Update : mozilla-xulrunner (mozilla-xulrunner-5123)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-XULRUNNER-5118.NASL
    descriptionThis update of the Mozilla XULRunner engine catches up on all previous security problems found in the XULRunner engine. Following security problems were fixed : - Web forgery overwrite with div overlay. (MFSA 2008-11 / CVE-2008-0594) - URL token stealing via stylesheet redirect. (MFSA 2008-10 / CVE-2008-0593) - Mishandling of locally-saved plain text files. (MFSA 2008-09 / CVE-2008-0592) - File action dialog tampering. (MFSA 2008-08 / CVE-2008-0591) - Web browsing history and forward navigation stealing. (MFSA 2008-06 / CVE-2008-0419) - Directory traversal via chrome: URI. (MFSA 2008-05 / CVE-2008-0418) - Stored password corruption. (MFSA 2008-04 / CVE-2008-0417) - Privilege escalation, XSS, Remote Code Execution. (MFSA 2008-03 / CVE-2008-0415) - Multiple file input focus stealing vulnerabilities. (MFSA 2008-02 / CVE-2008-0414) - Crashes with evidence of memory corruption (rv:1.8.1.12). (MFSA 2008-01 / CVE-2008-0412)
    last seen2020-06-01
    modified2020-06-02
    plugin id31696
    published2008-03-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31696
    titleSuSE 10 Security Update : epiphany (ZYPP Patch Number 5118)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080207_THUNDERBIRD_ON_SL4_X.NASL
    descriptionSeveral flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Thunderbird displayed malformed HTML mail content. A HTML mail message containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Thunderbird handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious HTML mail message to steal sensitive session data. Note: this flaw does not affect a default installation of Thunderbird. (CVE-2008-0418) Note: JavaScript support is disabled by default in Thunderbird; the above issues are not exploitable unless JavaScript is enabled. A flaw was found in the way Thunderbird saves certain text files. If a remote site offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id60357
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60357
    titleScientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1435.NASL
    descriptionMozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A web page containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id31060
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31060
    titleFedora 7 : Miro-1.1-3.fc7 / chmsee-1.0.0-1.28.fc7 / devhelp-0.13-13.fc7 / epiphany-2.18.3-6.fc7 / etc (2008-1435)
  • NASL familyWindows
    NASL idNETSCAPE_BROWSER_9006.NASL
    descriptionThe installed version of Netscape is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption. - Several file input focus stealing vulnerabilities that could result in uploading of arbitrary files provided their full path and file names are known. - Several issues that allow scripts from page content to escape from their sandboxed context and/or run with chrome privileges, resulting in privilege escalation, XSS, and/or remote code execution. - An issue that could allow a malicious site to inject newlines into the application
    last seen2020-06-01
    modified2020-06-02
    plugin id31135
    published2008-02-22
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31135
    titleNetscape Browser < 9.0.0.6 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1489.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov,
    last seen2020-06-01
    modified2020-06-02
    plugin id30228
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30228
    titleDebian DSA-1489-1 : iceweasel - several vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_810A5197E0D911DC891A02061B08FC24.NASL
    descriptionThe Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - Web forgery overwrite with div overlay - URL token stealing via stylesheet redirect - Mishandling of locally-saved plain text files - File action dialog tampering - Possible information disclosure in BMP decoder - Web browsing history and forward navigation stealing - Directory traversal via chrome: URI - Stored password corruption - Privilege escalation, XSS, Remote Code Execution - Multiple file input focus stealing vulnerabilities - Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31155
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31155
    titleFreeBSD : mozilla -- multiple vulnerabilities (810a5197-e0d9-11dc-891a-02061b08fc24)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-062.NASL
    descriptionA number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12. This update provides the latest Thunderbird to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37545
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37545
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:062)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0104.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the way SeaMonkey processed certain malformed web content. A webpage containing malicious content could cause SeaMonkey to crash, or potentially execute arbitrary code as the user running SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way SeaMonkey displayed malformed web content. A webpage containing specially crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way SeaMonkey stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way SeaMonkey handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of SeaMonkey. (CVE-2008-0418) A flaw was found in the way SeaMonkey saves certain text files. If a website offers a file of type
    last seen2020-06-01
    modified2020-06-02
    plugin id30246
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30246
    titleRHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0104)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1459.NASL
    description - Fri Feb 8 2008 Kai Engert <kengert at redhat.com> - 1.1.8-1 - SeaMonkey 1.1.8 - Sun Dec 2 2007 Kai Engert <kengert at redhat.com> - 1.1.7-1 - SeaMonkey 1.1.7 - Mon Nov 5 2007 Kai Engert <kengert at redhat.com> - 1.1.6-1 - SeaMonkey 1.1.6 - Fri Oct 19 2007 Kai Engert <kengert at redhat.com> - 1.1.5-2 - SeaMonkey 1.1.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31061
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31061
    titleFedora 8 : seamonkey-1.1.8-1.fc8 (2008-1459)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-061-01.NASL
    descriptionNew mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31323
    published2008-03-04
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31323
    titleSlackware 10.2 / 11.0 / 12.0 / current : mozilla-thunderbird (SSA:2008-061-01)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1484.NASL
    descriptionSeveral remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov,
    last seen2020-06-01
    modified2020-06-02
    plugin id30224
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30224
    titleDebian DSA-1484-1 : xulrunner - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-582-2.NASL
    descriptionUSN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem. We apologize for the inconvenience. It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. (CVE-2008-0304) Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id65107
    published2013-03-09
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65107
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird (USN-582-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1506.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. - CVE-2008-0413 Carsten Book, Wesley Garland, Igor Bukanov,
    last seen2020-06-01
    modified2020-06-02
    plugin id31150
    published2008-02-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31150
    titleDebian DSA-1506-1 : iceape - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-5001.NASL
    descriptionThis update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - Web forgery overwrite with div overlay. (MFSA 2008-11 / CVE-2008-0594) - URL token stealing via stylesheet redirect. (MFSA 2008-10 / CVE-2008-0593) - Mishandling of locally-saved plain text files. (MFSA 2008-09 / CVE-2008-0592) - File action dialog tampering. (MFSA 2008-08 / CVE-2008-0591) - Web browsing history and forward navigation stealing. (MFSA 2008-06 / CVE-2008-0419) - Directory traversal via chrome: URI. (MFSA 2008-05 / CVE-2008-0418) - Stored password corruption. (MFSA 2008-04 / CVE-2008-0417) - Privilege escalation, XSS, Remote Code Execution. (MFSA 2008-03 / CVE-2008-0415) - Multiple file input focus stealing vulnerabilities. (MFSA 2008-02 / CVE-2008-0414) - Crashes with evidence of memory corruption (rv:1.8.1.12). (MFSA 2008-01 / CVE-2008-0412)
    last seen2020-06-01
    modified2020-06-02
    plugin id31087
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31087
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5001)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-5012.NASL
    descriptionThis update brings Mozilla SeaMonkey to security update version 1.8.1.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412/CVE-2008-0413 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31114
    published2008-02-18
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31114
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-5012)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-5098.NASL
    descriptionThis update brings Mozilla Thunderbird to security update version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files - MFSA 2008-08/CVE-2008-0591 File action dialog tampering - MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing - MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI - MFSA 2008-04/CVE-2008-0417 Stored password corruption - MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution - MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities - MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12)
    last seen2020-06-01
    modified2020-06-02
    plugin id31602
    published2008-03-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31602
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5098)

Oval

accepted2013-04-29T04:07:55.247-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionDirectory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
familyunix
idoval:org.mitre.oval:def:10705
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleDirectory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
version27

Redhat

advisories
  • rhsa
    idRHSA-2008:0103
  • rhsa
    idRHSA-2008:0104
  • rhsa
    idRHSA-2008:0105
rpms
  • firefox-0:1.5.0.12-0.10.el4
  • firefox-0:1.5.0.12-9.el5
  • firefox-debuginfo-0:1.5.0.12-0.10.el4
  • firefox-debuginfo-0:1.5.0.12-9.el5
  • seamonkey-0:1.0.9-0.9.el2
  • seamonkey-0:1.0.9-0.9.el3
  • seamonkey-0:1.0.9-9.el4
  • seamonkey-chat-0:1.0.9-0.9.el2
  • seamonkey-chat-0:1.0.9-0.9.el3
  • seamonkey-chat-0:1.0.9-9.el4
  • seamonkey-debuginfo-0:1.0.9-0.9.el3
  • seamonkey-debuginfo-0:1.0.9-9.el4
  • seamonkey-devel-0:1.0.9-0.9.el2
  • seamonkey-devel-0:1.0.9-0.9.el3
  • seamonkey-devel-0:1.0.9-9.el4
  • seamonkey-dom-inspector-0:1.0.9-0.9.el2
  • seamonkey-dom-inspector-0:1.0.9-0.9.el3
  • seamonkey-dom-inspector-0:1.0.9-9.el4
  • seamonkey-js-debugger-0:1.0.9-0.9.el2
  • seamonkey-js-debugger-0:1.0.9-0.9.el3
  • seamonkey-js-debugger-0:1.0.9-9.el4
  • seamonkey-mail-0:1.0.9-0.9.el2
  • seamonkey-mail-0:1.0.9-0.9.el3
  • seamonkey-mail-0:1.0.9-9.el4
  • seamonkey-nspr-0:1.0.9-0.9.el2
  • seamonkey-nspr-0:1.0.9-0.9.el3
  • seamonkey-nspr-devel-0:1.0.9-0.9.el2
  • seamonkey-nspr-devel-0:1.0.9-0.9.el3
  • seamonkey-nss-0:1.0.9-0.9.el2
  • seamonkey-nss-0:1.0.9-0.9.el3
  • seamonkey-nss-devel-0:1.0.9-0.9.el2
  • seamonkey-nss-devel-0:1.0.9-0.9.el3
  • thunderbird-0:1.5.0.12-8.el4
  • thunderbird-0:1.5.0.12-8.el5
  • thunderbird-debuginfo-0:1.5.0.12-8.el4
  • thunderbird-debuginfo-0:1.5.0.12-8.el5

References